Lucene search
K

28 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

Oracle Linux 8 : openssl (ELSA-2026-50323)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50323 advisory. - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolve...

8.8CVSS7.5AI score0.02945EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2621-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2621-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

8.8CVSS7.1AI score0.02719EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.10 views

MiracleLinux 8 : openssl-1.1.1k-16.el8_6 (AXSA:2026-792:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-792:09 advisory. openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL PKCS7verify CVE-2026-45447 Tenable has extracted th...

8.8CVSS6.9AI score0.02945EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:2396-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2396-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2410-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2410-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

8.8CVSS7.1AI score0.02719EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2409-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2409-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

8.8CVSS7.1AI score0.02719EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2026/06/18 12:0 a.m.7 views

openssl security update

1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolves: RHEL-180983 1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing...

8.8CVSS5.8AI score0.05582EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.16 views

Oracle Linux 8 : openssl (ELSA-2026-26275)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-26275 advisory. - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 Tenable has extracted the preceding description block directly...

8.8CVSS6.9AI score0.02945EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/16 12:46 p.m.11 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.8AI score0.02719EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 12:0 a.m.6 views

ALSA-2026:26275 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: Use After Free with SSLfreebuffers CVE-2024-4741 openssl: Heap Use-After-Free in OpenSSL...

8.8CVSS6.8AI score0.02945EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.22 views

RHEL 8 : openssl (RHSA-2026:26275)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26275 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

8.8CVSS6.9AI score0.02945EPSS
Exploits0References6
SUSE Linux
SUSE Linux
added 2026/06/15 8:6 a.m.9 views

Security update for openssl-3

This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.2CVSS5.4AI score0.02719EPSS
Exploits0References36
OSV
OSV
added 2026/06/15 8:5 a.m.4 views

SUSE-SU-2026:2392-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS5.2AI score0.02719EPSS
Exploits0References12
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:2 a.m.5 views

Heap Use-After-Free in the PKCS7_verify() Function

...

8.8CVSS5.8AI score0.02719EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2026/06/11 12:0 a.m.8 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-73...

9.1CVSS5.8AI score0.02719EPSS
Exploits0References32
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.58 views

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

0.02719EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 12:0 a.m.6 views

UBUNTU-CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References5
Amazon
Amazon
added 2026/04/13 12:0 a.m.8 views

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

9.1CVSS5.8AI score0.01079EPSS
Exploits0
Snyk
Snyk
added 2026/04/10 12:11 a.m.3 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the PKCS7VerifySignedData process. An attacker can cause the application to read memory outside the bounds of a heap buffer by submitting a specially crafted PKCS7 message. Remediation Upgrade wolfssl to version...

5.4CVSS5.9AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/03/03 8:25 p.m.3 views

GHSA-HFPC-8R3F-GW53 AWS-LC has PKCS7_verify Signature Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need...

7.5CVSS6AI score0.00779EPSS
Exploits0References6
Rows per page
Query Builder