
Schneier on Security, added 2026/02/18 12:3 p.m.

AI Found Twelve New Vulnerabilities in OpenSSL

The title of the post is "What AI Security Research Looks Like When It Works," and I agree: In the latest OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the...

CVSS 9.8, AI score 5.8, EPSS 0.45854, exploits 7
Fedora, added 2026/02/18 12:56 a.m.

[SECURITY] Fedora 42 Update: libssh-0.11.4-1.fc42

The ssh library was designed to be used by programmers needing a working SSH implementation by means of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

CVSS 8.2, AI score 5.6, EPSS 0.00582, exploits 0
Amazon, added 2026/02/18 12:0 a.m.

Important: openssl

Issue Overview: If an application using the SSL_CIPHER_find function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. CVE-2025-15468: A TLS 1.3 connection using certificate compression can be forced to allocate a large buffer before...

CVSS 7.5, AI score 5.8, EPSS 0.00844, exploits 1
Amazon, added 2026/02/18 12:0 a.m.

Medium: curl

Issue Overview: No QUIC certificate pinning with GnuTLS NOTE: https://curl.se/docs/CVE-2025-13034.html NOTE: Introduced with: https://github.com/curl/curl/commit/3210101088dfa3d6a125d213226b092f2f866722 curl-880 NOTE: Fixed by:...

CVSS 6.3, AI score 5.5, EPSS 0.00679, exploits 3
Tenable Nessus, added 2026/02/18 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-23229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark...

CVSS 5.5, AI score 5.8, EPSS 0.00121, exploits 0, references 3
Tenable Nessus, added 2026/02/18 12:0 a.m.

Oracle Linux 7 : openssl (ELSA-2026-50114)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50114 advisory. 1.0.2k-26.0.1fips - Change Epoch from 1 to 10 - Fix DH self-test to add shared secret comparison Orabug: 32467026 - Add DH support changes for SP 800-56A rev3...

CVSS 7.5, AI score 6.4, EPSS 0.0177, exploits 0, references 2
RedHat Linux, added 2026/02/17 9:30 a.m.

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application-level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI)...

CVSS 7.5, AI score 6, EPSS 0.0177, exploits 0, references 4
RedHat Linux, added 2026/02/17 9:30 a.m.

Moderate: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 7.5, AI score 6.6, EPSS 0.0177, exploits 0, references 2
RedHat Linux, added 2026/02/17 9:15 a.m.

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application-level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI)...

CVSS 7.5, AI score 6, EPSS 0.0177, exploits 0, references 4
RedHat Linux, added 2026/02/17 9:15 a.m.

Low: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 7.5, AI score 6.6, EPSS 0.0177, exploits 0, references 2
Tenable Nessus, added 2026/02/17 12:0 a.m.

RHEL 9 : edk2 (RHSA-2026:2776)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2776 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...

CVSS 7.5, AI score 5.7, EPSS 0.0177, exploits 0, references 5
Oracle Linux, added 2026/02/17 12:0 a.m.

edk2 security update

20241117-4.0.1.el97.3 - Replace upstream references Orabug:36569119 20241117-4.el97.3 - edk2-OvmfPkg-MemEncryptSevLib-Evict-cache-lines-during-SN.patch RHEL-125104 - edk2-MdePkg-Add-the-COHERENCYSFWNO-CPUID-bit-field.patch RHEL-125104 -...

CVSS 7.5, AI score 5.5, EPSS 0.0177, exploits 0
AlmaLinux, added 2026/02/17 12:0 a.m.

Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230). For more details about the security issues, includi...

CVSS 7.5, AI score 5.6, EPSS 0.0177, exploits 0, references 4
OSV, added 2026/02/17 12:0 a.m.

ALSA-2026:2776 Moderate: edk2 security update

EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230). For more details about the security issues, includi...

CVSS 7.5, AI score 5.5, EPSS 0.0177, exploits 0, references 4
Tenable Nessus, added 2026/02/17 12:0 a.m.

RHEL 9 : edk2 (RHSA-2026:2771)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2771 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...

CVSS 7.5, AI score 5.7, EPSS 0.0177, exploits 0, references 5
Hacker One, added 2026/02/16 10:41 p.m.

Python Cryptographic Authority: Fail-Open in set_tlsext_servername_callback on pyopenssl via unhandled exceptions leads to security bypass

A vulnerability was discovered in the pyopenssl library's handling of the Server Name Indication (SNI) callback, set_tlsext_servername_callback. The internal wrapper for this callback catches all Python exceptions raised by user code but returns 0 (success, SSL_TLSEXT_ERR_OK) to the underlying OpenSSL engine...

AI score 5.8, exploits 0
OSV, added 2026/02/16 10:25 a.m.

CLSA-2026-1771237525 Fix CVE(s): CVE-2025-69419

SECURITY UPDATE: check return code of UTF8_putc - debian/patches/CVE-2025-69419.patch: add missing return code checks for UTF8_putc in a_strex.c and OPENSSL_uni2utf8 in p12_utl.c. - CVE-2025-69419...

CVSS 7.4, AI score 5.9, EPSS 0.00444, exploits 1, references 1
IBM Security Bulletins, added 2026/02/16 9:12 a.m.

Security Bulletin: OpenSSL stack buffer overflow vulnerability affects IBM Cloud Pak System [CVE-2025-15467]

Summary: Stack buffer overflow vulnerability in OpenSSL shipped with OS Image for Red Hat Enterprise Linux System affects IBM Cloud Pak System. Stack buffer overflow that can be exploited by a remote attacker to cause a Denial of Service (DoS) or potentially allow for remote code execution...

CVSS 8.8, AI score 7.3, EPSS 0.45854, exploits 7, affected software 4
RedhatCVE, added 2026/02/16 5:29 a.m.

CVE-2026-2574

A flaw was found in glib-networking. A malicious Transport Layer Security (TLS) server can exploit an out-of-bounds read and invalid free vulnerability when a client using the OpenSSL backend connects. By advertising a specially crafted client-CA list, the server can trigger an issue where memory i...

CVSS 5.4, AI score 5.2, exploits 0, references 3
Packet Storm News, added 2026/02/16 12:0 a.m.

OpenSSL 3.x Realistic ASN.1 / PKCS#12 Denial of Service Tool

This proof of concept builds structurally correct ASN.1 DER / PKCS12 files designed to stress-test OpenSSL's parser and memory handling. It focuses on non-exploitative impacts such as denial of service, excessive memory consumption, deep recursion, malformed lengths, and duplicated/overlapping...

AI score 5.6, exploits 0