Lucene search
K

265 matches found

OSV
OSV
added 2026/06/26 11:6 a.m.2 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2598-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2598-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References25
OSV
OSV
added 2026/06/23 3:39 p.m.7 views

SUSE-SU-2026:2598-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2026:2399-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2399-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2405-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2405-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References16
OSV
OSV
added 2026/06/15 3:5 p.m.6 views

SUSE-SU-2026:2399-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delt...

8.8CVSS8.3AI score0.02719EPSS
Exploits0References16
OSV
OSV
added 2026/06/15 2:34 p.m.3 views

SUSE-SU-2026:2397-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS5.2AI score0.02719EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 2026/06/15 8:5 a.m.5 views

Security update for openssl-1_1

This update for openssl-11 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.2CVSS5.3AI score0.02719EPSS
Exploits0References22
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:5 a.m.10 views

Possible NULL Dereference in Password-Based CMS Decryption

...

5.9CVSS5.8AI score0.00595EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:4 a.m.9 views

Out-of-Bounds Read in CMS Password-Based Decryption

...

7.5CVSS5.8AI score0.00297EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.13 views

SUSE CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

3.7CVSS5.7AI score0.00297EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.9 views

openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5.4AI score0.00297EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.8 views

openssl: Possible NULL Dereference in Password-Based CMS Decryption

A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax CMS decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional...

5.9CVSS5.5AI score0.00595EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.9 views

openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...

7.4CVSS5.5AI score0.00196EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.9 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS5.8AI score0.02719EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.10 views

openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5.4AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 12:42 p.m.5 views

SUSE-SU-2026:22132-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698. - CVE-2026-7383:...

9.1CVSS6.9AI score0.02719EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.15 views

RHEL 10 : openssl (RHSA-2026:25237)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25237 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.1CVSS6AI score0.02719EPSS
Exploits0References32
RedhatCVE
RedhatCVE
added 2026/06/10 1:26 p.m.11 views

CVE-2026-34181

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...

7.4CVSS7.2AI score0.00196EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 1:26 p.m.9 views

CVE-2026-9076

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5AI score0.00297EPSS
Exploits0References3
Rows per page
Query Builder