8 matches found
ALSA-2026:22312 Moderate: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing...
Important: edk2
Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...
Amazon Linux 2 : edk2, --advisory ALAS2-2026-3275 (ALAS-2026-3275)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3275 advisory. Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible...
SUSE-SU-2026:1375-1 Security update for openssl-3
This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. - CVE-2026-28389: Possible NULL dereference when processing CM...
DEBIAN-CVE-2026-28390
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...
OpenSSL 1.0.2 < 1.0.2zp Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 1.0.2zp. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2zp advisory. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereferenc...
Linux Distros Unpatched Vulnerability : CVE-2026-28390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary:...