Lucene search
+L

200 matches found

RedhatCVE
RedhatCVE
added 2026/07/09 2:31 p.m.7 views

CVE-2026-42765

A flaw was found in OpenSSL. When an application is configured with specific non-default settings for certificate verification, including both Online Certificate Status Protocol OCSP response checking and partial chain verification, a NULL dereference can occur. This vulnerability can be triggere...

7.5CVSS7AI score0.00419EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.6 views

mod_md security update

An update is available for modmd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module manages common properties of domains for one or more virtual hosts...

7.3CVSS7AI score0.00628EPSS
Exploits0
OSV
OSV
added 2026/07/05 12:5 p.m.7 views

RLSA-2026:30845 Moderate: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...

7.5CVSS5.9AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 12:3 p.m.5 views

RLSA-2026:30844 Moderate: mod_md security update

This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal. Security Fixes: httpd:...

7.5CVSS7.1AI score0.00628EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 2:55 a.m.7 views

httpd: mod_md: unrestricted OCSP response leads to resource exhaustion

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

7.3CVSS7AI score0.00628EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:18 p.m.8 views

httpd: mod_md: unrestricted OCSP response leads to resource exhaustion

A flaw was found in the modmd module of httpd. When processing OCSP Online Certificate Status Protocol responses from a malicious or compromised OCSP responder, the module fails to enforce proper size limits on the incoming data. This issue leads to memory exhaustion and a denial of service...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.19 views

gnutls: gnutls: Security bypass allows acceptance of revoked server certificates via crafted OCSP response

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.4AI score0.0072EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.10 views

Important: Red Hat Security Advisory: tomcat security update

An update for tomcat is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 1:59 p.m.11 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.4AI score0.00498EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 12:0 a.m.6 views

ALSA-2026:26323 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation CVE-2026-24734 For more details about the security issues, including the impact, a CVSS...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/10 9:40 a.m.3 views

httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server

A flaw was found in Apache HTTP Server. This buffer over-read vulnerability occurs when the server processes outbound Online Certificate Status Protocol OCSP requests directed to an attacker-controlled OCSP server. This could allow a remote attacker to read sensitive information from memory or...

7.3CVSS6.1AI score0.00598EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.10 views

SUSE CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

6.5CVSS5.4AI score0.00598EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/09 6:33 p.m.11 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference during OCSP response checking. When a verification chain lacks a self-signed trusted anchor, the issuer of the last certificate is NULL, but the OCSP code accesses the next certificate as the issuer, dereferenci...

7.5CVSS7.2AI score0.00419EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.13 views

EUVD-2026-35480

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

6AI score0.00245EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/09 4:3 p.m.9 views

CVE-2026-35188

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

5CVSS6.1AI score0.00245EPSS
Exploits0
OSV
OSV
added 2026/06/09 12:0 a.m.9 views

UBUNTU-CVE-2026-42765

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS5.4AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 12:0 a.m.9 views

UBUNTU-CVE-2026-35188

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

5CVSS6.1AI score0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:22 p.m.135 views

CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

0.00598EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.19 views

CVE-2026-42791

A flaw was found in Erlang OTP's publickey application, specifically in the Online Certificate Status Protocol OCSP response verification. A remote attacker who has obtained the private key of an expired Certificate Authority CA-designated OCSP responder certificate can forge OCSP responses. This...

6.3CVSS5.9AI score0.00316EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7009

A flaw was found in curl. When curl is configured to use the Certificate Status Request TLS Transport Layer Security extension, also known as OCSP Online Certificate Status Protocol stapling, it fails to properly detect issues with the OCSP response. This can lead curl to incorrectly validate a...

5.3CVSS5.8AI score0.00267EPSS
Exploits1References7
Rows per page
Query Builder