Lucene search
K

381 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.17 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.7AI score0.0021EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47829

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description An integer truncation in the ASN.1 decoder occurs when parsing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes in length. This issue specifically affects...

9.1CVSS5.6AI score0.00513EPSS
Exploits0References140
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

7.5CVSS5.6AI score0.00513EPSS
Exploits0References118
RedHat Linux
RedHat Linux
added 2026/06/08 2:12 a.m.12 views

libssh: Incorrect Return Code Handling in ssh_kdf() in libssh

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8CVSS6.6AI score0.00407EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/03 1:26 p.m.11 views

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 3:49 p.m.10 views

CVE-2022-4991 Tychon is vulnerable to privilege escalation due to OPENSSLDIR location

Tychon includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory that may be controllable by an unprivileged user on Windows. Tychon contains a privileged service that uses this OpenSSL component. A user who can place a specially-crafted openssl.cnf file at an...

6.3AI score0.00254EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:35 p.m.11 views

OESA-2026-2508 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted...

1.8CVSS5.8AI score0.0009EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43576

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6.2AI score0.00139EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 3:10 p.m.10 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in pyOpenSSL [CVE-2026-27448, CVE-2026-27459]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in pyOpenSSL due to a flaw allowing user provided callback to settlsextservernamecallback. This raises an unhandled exception, resulting in connections being accepted that could allow bypassing of security-sensitive...

9.8CVSS5.8AI score0.00704EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/21 2:27 p.m.10 views

CLSA-2026-1779373661 iperf3: Fix of CVE-2024-26306

CVE-2024-26306: use OAEP padding instead of PKCS1 padding for OpenSSL to address timing side-channel in RSA authentication. Note: peers running patched and unpatched iperf3 will fail to authenticate unless the legacy behavior is explicitly opted into via --use-pkcs1-padding on both ends...

5.9CVSS5.8AI score0.01107EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 10:10 a.m.11 views

RHSA-2026:19218 Red Hat Security Advisory: openssl security update

Bulletin has no description...

5.9CVSS7.2AI score0.00981EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 allowed Use After Free in smtpreset in certain situations that might be common in builds using OpenSSL...

9.8CVSS7.7AI score0.55834EPSS
Exploits3References2
NVD
NVD
added 2026/05/19 2:16 p.m.11 views

CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

1.8CVSS0.0009EPSS
Exploits0References1
OSV
OSV
added 2026/05/19 9:9 a.m.8 views

CLSA-2026-1779181743 pyOpenSSL: Fix of CVE-2026-27448

CVE-2026-27448: fix fail-open in settlsextservernamecallback when callback raises exception...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-42029

CipherCtxRef::cipher update inplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVP aes 128,192,256 wrap pad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corrupti...

5.1CVSS5.8AI score0.00019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-41886

Name of the Vulnerable Software and Affected Versions Qt Qt Framework Unix affected versions not specified Description An Uncontrolled Search Path Element issue in the OpenSSL TLS backend of Qt Network qtbase allows a local attacker to load a rogue CA certificate as a trusted system authority. Th...

1.8CVSS5.4AI score0.0009EPSS
Exploits0References20
RubySec
RubySec
added 2026/05/18 12:0 a.m.16 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-8721

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes...

9.8CVSS5.6AI score0.00447EPSS
Exploits0References3
OSV
OSV
added 2026/05/15 2:2 p.m.9 views

OESA-2026-2330 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes c...

7.5CVSS7AI score0.00844EPSS
Exploits1References7
OSV
OSV
added 2026/05/13 7:0 a.m.21 views

MGASA-2026-0127 Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...

9.8CVSS5.9AI score0.0078EPSS
Exploits1References3
Rows per page
Query Builder