23267 matches found
ROS-20260420-73-0007
A vulnerability in the TSRESPverifyresponse function of the OpenSSL library is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0015
A vulnerability in the PKCS7digestfromattributes function of the OpenSSL library is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0017
A vulnerability in the SSLCIPHERfind function of the OpenSSL library is related to pointer dereferencing. Exploitation of the vulnerability may allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0004
A vulnerability in the PKCS12getfriendlyname function of the OpenSSL library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260420-73-0003
A vulnerability in the OpenSSL library PKCS12 file format is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code...
ROS-20260420-73-0002
A vulnerability in the BIOflinebuffer function of the OpenSSL library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2026-6482
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1429-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1429-1 advisory. This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS...
Security update for openssl-3
This update for openssl-3 fixes the following issue: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2026:1429-1 Security update for openssl-3
This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...
EUVD-2026-23376
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482 Local Privilege Escalation via OpenSSL configuration file in Insight Agent
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
CVE-2026-6482
The CVE-2026-6482 entry describes a Local Privilege Escalation in Rapid7 Insight Agent (Windows) versions > 4.1.0.2. At startup, the high-privilege agent service loads an OpenSSL configuration file from a directory writable by standard users; a crafted openssl.cnf can cause the service to exec...
Unity Linux 20.1070a Security Update: openssl (UTSA-2026-007292)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007292 advisory. Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code poin...
PT-2026-33413
The Rapid7 Insight Agent versions 4.1.0.2 is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service attempts to load an OpenSSL configuration file from a non-existent directory that is writable by standard...
SUSE SLED15 / SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1386-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1386-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer...
SUSE SLED15 / SLES15 Security Update : openssl-3 (SUSE-SU-2026:1375-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1375-1 advisory. Security issues fixed: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. -...