Lucene search
K

268 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2 days ago5 views

Security Bulletin: Multiple vulnerabilities affect IBM Cloud Pak System

Summary Multiple vulnerabilities affect IBM Cloud Pak System. These vulnerabilties have been addressed with IBM Cloud Pak System 2.3.5.1. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption c...

8.3CVSS7.5AI score0.01744EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago4 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6.8AI score0.01744EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 11:6 a.m.2 views

SUSE-SU-2026:2648-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS6.3AI score0.02719EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:2598-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2598-1 advisory. This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

8.8CVSS6.5AI score0.02719EPSS
Exploits0References25
OSV
OSV
added 2026/06/23 3:39 p.m.7 views

SUSE-SU-2026:2598-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:2405-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2405-1 advisory. - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. - CVE-2026-42766: Possible NULL Dereference in...

8.8CVSS6.5AI score0.02719EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

SUSE SLES15 Security Update : openssl-1_0_0 (SUSE-SU-2026:2399-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2399-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References23
Ubuntu
Ubuntu
added 2026/06/18 4:30 p.m.14 views

USN-8452-1: pbkdf2 vulnerability

Nikita Skovoroda discovered that pbkdf2 did not properly validate certain algorithm names. An attacker could possibly use this issue to generate predictable cryptographic keys, resulting in signature spoofing...

9.1CVSS5.4AI score0.00359EPSS
Exploits0
OSV
OSV
added 2026/06/15 3:5 p.m.8 views

SUSE-SU-2026:2399-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delt...

8.8CVSS8.3AI score0.02719EPSS
Exploits0References16
OSV
OSV
added 2026/06/15 2:34 p.m.3 views

SUSE-SU-2026:2397-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.8CVSS5.2AI score0.02719EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 2026/06/15 8:5 a.m.6 views

Security update for openssl-1_1

This update for openssl-11 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.2CVSS5.3AI score0.02719EPSS
Exploits0References22
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:5 a.m.10 views

Possible NULL Dereference in Password-Based CMS Decryption

...

5.9CVSS5.8AI score0.00595EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:4 a.m.9 views

Out-of-Bounds Read in CMS Password-Based Decryption

...

7.5CVSS5.8AI score0.00297EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.15 views

SUSE CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

3.7CVSS5.7AI score0.00297EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.10 views

openssl: Possible NULL Dereference in Password-Based CMS Decryption

A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax CMS decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional...

5.9CVSS5.5AI score0.00595EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.10 views

openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 Public-Key Cryptography Standards 12 files that use Password-Based Message Authentication Code 1 PBMAC1 with short HMAC Hash-based Message Authentication Code keys. This can lead to a service accepting...

7.4CVSS5.5AI score0.00196EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.12 views

openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5.4AI score0.00297EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.12 views

Important: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS5.8AI score0.02719EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.14 views

openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5.4AI score0.00297EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 12:42 p.m.6 views

SUSE-SU-2026:22132-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698. - CVE-2026-7383:...

9.1CVSS6.9AI score0.02719EPSS
Exploits0References24
Rows per page
Query Builder