Lucene search
K

151 matches found

RedHat Linux
RedHat Linux
added 3 days ago4 views

Important: Red Hat Security Advisory: gnutls and libtasn1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common...

9.8CVSS7AI score0.01335EPSS
Exploits2References14
RedHat Linux
RedHat Linux
added 3 days ago4 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago5 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago4 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Oracle Linux 9 : gnutls (ELSA-2026-20612)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20612 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01335EPSS
Exploits2References14
RedHat Linux
RedHat Linux
added 2026/06/25 6:37 p.m.5 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 9:24 p.m.3 views

GO-2026-5052 Vulnerability in software.sslmate.com/src/go-pkcs12

Users who decode PKCS12 files from untrusted sources and rely on the password for authentication can be tricked into accepting malicious PKCS12 files...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/20 2:16 a.m.12 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS0.00354EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/20 12:46 a.m.5 views

CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in printattribute UTF8STRING path. printattribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

9.1CVSS6.1AI score0.00354EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/16 4:53 p.m.3 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.5AI score0.00727EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.15 views

SUSE CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

3.1CVSS5.5AI score0.00196EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 4:3 p.m.61 views

CVE-2026-34181

The CVE-2026-34181 issue affects PKCS#12 file processing in OpenSSL where insufficient input validation for PBMAC1 allows forging certificates and private keys. An attacker impersonating a user could cause a service that reads PKCS#12 files to accept forged certificates and keys with about a 1 in...

7.4CVSS5.6AI score0.00196EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/09 12:0 a.m.4 views

UBUNTU-CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

7.4CVSS5.5AI score0.00196EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.12.0 : shim (EulerOS-SA-2026-2114)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impac...

7.5CVSS7.6AI score0.00844EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.8 views

EulerOS Virtualization 2.10.1 : shim (EulerOS-SA-2026-2036)

According to the versions of the shim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impa...

7.5CVSS6.1AI score0.00844EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.8 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.6AI score0.00447EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 3:43 p.m.10 views

RLSA-2026:19187 Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to...

7.4CVSS7.5AI score0.00444EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.15 views

compat-openssl11 security update

An update is available for compat-openssl11. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenSSL toolkit provides support for secure communications betwe...

7.4CVSS7.5AI score0.00444EPSS
Exploits1
OSV
OSV
added 2026/05/26 10:16 p.m.10 views

ALPINE-CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 10:16 p.m.12 views

CVE-2026-42015

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS0.00727EPSS
Exploits0References14
Rows per page
Query Builder