Lucene search
+L

1346 matches found

CVE
CVE
added 2026/06/23 3:36 a.m.44 views

CVE-2026-55653

CVE-2026-55653 affects OpenSSH and describes a double-free in the DH-GEX client path during FIPS known-group validation, allowing a malicious SSH server to terminate the client process and cause a Denial of Service. The issue is tied to processing attacker-controlled DH-GEX group parameters and i...

6.5CVSS5.8AI score0.00242EPSS
Exploits1References3Affected Software4
OSV
OSV
added 2026/06/23 3:36 a.m.4 views

CVE-2026-55653 Openssh: double free in red hat enterprise linux versions of openssh dh-gex client path during fips known-group validation leads to client-side denial of service

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

4.3CVSS5.8AI score0.00242EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/23 3:36 a.m.22 views

CVE-2026-55653

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client processes attacker-controlled DH-GEX...

6.5CVSS5.8AI score0.00242EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51471

Name of the Vulnerable Software and Affected Versions OpenSSH affected versions not specified Description A double free flaw exists in the Diffie-Hellman Group Exchange DH-GEX client path. This occurs during FIPS Federal Information Processing Standards mode known-group validation when the client...

6.5CVSS6.1AI score0.00242EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-55653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie- Hellman Group Exchange DH-GEX client path. This occur...

6.5CVSS5.9AI score0.00242EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: crypto: qat – added parameter checks for DH. Requests with a source buffer that is larger than the size of the key are being rejected. This is to prevent a possible integer underflow that might occur when copying the source...

5.5CVSS6.3AI score0.0025EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:42 p.m.66 views

Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities

Question Security Bulletin: Securing your products against OpenSSL and TLS vulnerabilities "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All...

5.4AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/15 2:34 p.m.4 views

SUSE-SU-2026:2397-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS5.2AI score0.02719EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/06/13 2:19 a.m.10 views

SUSE CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5CVSS5.2AI score0.00259EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.17 views

openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.12 views

openssl: FFC-DH Peer Validation Uses Attacker-Supplied q

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 12:42 p.m.7 views

SUSE-SU-2026:22132-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698. - CVE-2026-7383:...

9.1CVSS6.9AI score0.02719EPSS
Exploits0References24
RedhatCVE
RedhatCVE
added 2026/06/10 1:34 p.m.14 views

CVE-2026-42770

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

5.9CVSS5AI score0.00259EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-42770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: ...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.20 views

EUVD-2026-35487

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 5:17 p.m.9 views

ALPINE-CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.43 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

0.00259EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.11 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5.4AI score0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.67 views

CVE-2026-42770

CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 4:3 p.m.3 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS7AI score0.00259EPSS
Exploits0References8
Rows per page
Query Builder