200 matches found
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wolfSSLd2iSSLSESSION function when deserializing session data with the SESSIONCERTS option enabled. An attacker can corrupt heap memory and potentially execute arbitrary code or cause a crash by supplyi...
CVE-2026-2646
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...
CVE-2026-2646
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...
CVE-2026-2646
A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSLd2iSSLSESSION function. When deserializing session data with SESSIONCERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and...
AlmaLinux 10 : delve (ALSA-2026:3864)
The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:3864 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in...
RHEL 10 : skopeo (RHSA-2026:3343)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3343 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...
CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the –cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
kernel security update
4.18.0-553.105.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
Astra Linux – Vulnerability in syslog-ng
syslog-ng is an enhanced logging daemon. Prior to version 4.8.2, the tlswildcardmatch function matched against certificates like foo..bar, although this is not allowed. It is also possible to pass partial wildcards, such as foo.ac.bar, which glib logs match, but this should be avoided/disabled...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414675)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414675 advisory. The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection mechanism. This affects certs/blacklist.c a...
SUSE-SU-2025:03118-1 Security update for regionServiceClientConfigEC2
This update for regionServiceClientConfigEC2 contains the following fixes: - Update to version 5.0.0. bsc1246995 + SLE 16 python-requests requires SSL v3 certificates. Update 2 region server certs to support SLE 16 when it gets released. - Update dependency to accomodate metadata binary package...
Linux Distros Unpatched Vulnerability : CVE-2023-38686
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP...
PT-2025-34125
Name of the Vulnerable Software and Affected Versions: StrongDM versions affected versions not specified Description: The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificat...
Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report
Statistics on2024 trending vulnerabilitieswere featured in the OIC-CERT annual report. The Organisation of Islamic Cooperation OIC is the largest and most influential official intergovernmental Muslim international organization. It currently unites 57 countries with a population of about 2 billio...
Linux Distros Unpatched Vulnerability : CVE-2020-7919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Go before 1.12.16 and 1.13.x before 1.13.7 and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go allows attacks on clients resulting...
CLSA-2025-1751552694 Update of shim
Use both AlmaLinux and CloudLinux certs for checking images - Debrand to TuxCare - No SB support for aarch64 on TuxCare yet...
CVE-2020-11700
An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter fname, used on the page certs-x.php, would allow an attacker to retrieve the contents of arbitrary files. The user has to be authenticated before interacting with this page...
Fedora 41 : krb5 (2025-3e5228ee23)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-3e5228ee23 advisory. - Prevent overflow when calculating ulog block size CVE-2025-24528 - Support PKCS11 EC client certs in PKINIT - kdb5util: fix DB entry flags on modification ...
UBUNTU-CVE-2025-24032
PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...