CVE-2026-42295 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-fips, argo-workflows, kubeflow-pipelines-driver-fips, kubeflow-pipelines, argo-workflows-fips...
Rancher has Privilege Escalation from Project Owner to Host
Impact: A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission (PSA) labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...
CVE-2026-13757
CVE-2026-13757 affects p11-kit. The RPC attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() can form a mutually-recursive call chain with no recursion depth limit when handling nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TE...
gnutls: gnutls: Information disclosure via heap overread in RSA key exchange
A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...
gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling
A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...
GHSA-W6C6-C85G-MMV6 vulnerabilities
Vulnerabilities for packages: ratify-fips, commercial-chainloop-backend, crossplane-fips, kyverno, aactl, trivy, kyverno-fips, kubescape-server, crossplane, chainctl-fips, cloudbeat, ko-fips, kubescape, trivy-operator-fips, trivy-fips, kyverno-notation-aws-fips, commercial-chainloop-cli,...
GHSA-W879-237Q-WC7R golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...
DEBIAN-CVE-2026-6329
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...
CVE-2026-6681
The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...
CVE-2026-6329
PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...
EUVD-2026-39560
Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...
PT-2026-52602
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: PKCS12 MAC verification uses a comparison length controlled by an attacker, which weakens the integrity check on the Message Authentication Code (MAC) and allows a...
Astra Linux – Vulnerability in OpenSSL
Issue summary: Processing a maliciously formatted PKCS12 file may cause OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications that load files in PKCS12 format from untrusted sources may experience abrupt termination. A PKCS12 format file can contain...
PT-2026-49569
Name of the Vulnerable Software and Affected Versions: Python-Multipart versions prior to 0.0.30. Description: The parse_options_header function parsed Content-Disposition and Content-Type headers using email.message.Message, which applies RFC 2231/5987 decoding. This allows extended parameter synta...
[SECURITY] Fedora 43 Update: weasyprint-69.0-1.fc43
WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...
[SECURITY] Fedora 44 Update: weasyprint-69.0-1.fc44
WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...
openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 (Public-Key Cryptography Standards 12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting...
GHSA-P92Q-9VQR-4J8V vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, wazuh-dashboard, nextcloud-server, opensearch-dashboards-fips, wazuh-dashboard-fips, awx, opensearch-dashboards, gitlab-rails-ce...
CVE-2026-44487 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce-fips, wazuh-dashboard, nextcloud-server, opensearch-dashboards-fips, wazuh-dashboard-fips, awx, opensearch-dashboards, gitlab-rails-ce...