Lucene search
K

346 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2026/03/28 12:0 a.m.3 views

Security update for python-pyOpenSSL (important)

openSUSE security update: security update for python-pyopenssl ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20419-1 Rating: important References: bsc1259804 bsc1259808 Cross-References: CVE-2026-27448 CVE-2026-27459 CVSS scores: CVE-2026-27448 SU...

8.3CVSS6.1AI score0.00704EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 2:3 p.m.3 views

OESA-2026-1732 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 2:3 p.m.6 views

OESA-2026-1731 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

9.8CVSS5.9AI score0.00704EPSS
Exploits0References3
OSV
OSV
added 2026/03/27 2:3 p.m.8 views

OESA-2026-1730 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

9.8CVSS5.9AI score0.00704EPSS
Exploits0References3
OSV
OSV
added 2026/03/25 3:41 a.m.3 views

OPENSUSE-SU-2026:20419-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issues: - CVE-2026-27448: unhandled exception can result in connection not being cancelled bsc1259804. - CVE-2026-27459: large cookie value can lead to a buffer overflow bsc1259808...

9.8CVSS6.1AI score0.00704EPSS
Exploits0References4
Veracode
Veracode
added 2026/03/21 5:27 a.m.6 views

TLS Connection Bypass

pyOpenSSL is vulnerable to TLS connection bypass. The vulnerability is due to an unhandled exception in a user-provided settlsextservernamecallback, where the exception is not caught and results in the connection being accepted, allowing attackers to bypass security-sensitive checks...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References3Affected Software2
Microsoft CVE
Microsoft CVE
added 2026/03/19 8:4 a.m.3 views

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

...

6.3CVSS5.8AI score0.00241EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/19 12:26 a.m.6 views

SUSE CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

3.7CVSS5.8AI score0.00241EPSS
Exploits0References19
NVD
NVD
added 2026/03/18 12:16 a.m.7 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS0.00241EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 12:16 a.m.4 views

DEBIAN-CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

5.3CVSS5.3AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 12:0 a.m.5 views

UBUNTU-CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/17 11:24 p.m.41 views

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:24 p.m.19 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/17 11:24 p.m.3 views

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 11:24 p.m.201 views

CVE-2026-27448

CVE-2026-27448 is a pyOpenSSL vulnerability (SNI/TLSEXT callback) where an unhandled exception in set_tlsext_servername_callback could cause a connection to be accepted. IBM security notes reiterate that this flaw exists in pyOpenSSL versions prior to 26.0.0 and that starting with 26.0.0 unhandle...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/17 11:24 p.m.5 views

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.9AI score0.00241EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/17 11:24 p.m.7 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.3AI score0.00241EPSS
Exploits0
Snyk
Snyk
added 2026/03/16 3:15 p.m.4 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the settlsextservernamecallback function. An attacker can bypass security-sensitive checks by causing an unhandled exception in the callback, which results in the connection being accepted. If a...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 3:15 p.m.7 views

GHSA-VP96-HXJ8-P424 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/16 3:15 p.m.16 views

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder