Lucene search
K

1147 matches found

NVD
NVD
added yesterday7 views

CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday19 views

CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday21 views

CVE-2026-58101 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

OpenVPN 2.5.0 < 2.5.12 / 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Memory Leak DoS

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a denial of service vulnerability: - A memory leak in tls-crypt-v2 client key handling allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a deni...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References3
Mageia
Mageia
added 6 days ago4 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

7.5CVSS7.3AI score0.00549EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/07 12:0 a.m.4 views

Security update for perl-Crypt-SaltedHash (critical)

openSUSE Security Update: Security update for perl-Crypt-SaltedHash Announcement ID: openSUSE-SU-2026:0230-1 Rating: critical References: 1265912 1265927 Cross-References: CVE-2026-47372 CVE-2026-47373 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes two vulnerabilities is no...

9.1CVSS5.9AI score0.00397EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/06 10:8 p.m.8 views

CVE-2026-14570

A flaw was found in Crypt::DSA. Versions before 1.22 for Perl use a biased random number generator when creating the Digital Signature Algorithm DSA signing nonce and private key. This bias allows a remote attacker to recover the private key through a lattice attack if they collect a sufficient...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References6
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-41516

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA PKCS1 v1.5 decryption implementation in the Hisilicon HPRE crypto driver...

3.3CVSS0.00099EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:13 p.m.6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6AI score0.00549EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 2:13 p.m.21 views

CVE-2026-13698

CVE-2026-13698 is a memory-leak issue in OpenVPN related to tls-crypt-v2 client key handling, as noted in Mageia advisory MGASA-2026-0236. The advisory explicitly links this CVE to a memory leak that could contribute to server instability or crashes. Mageia reports the OpenVPN vulnerability along...

7.5CVSS6AI score0.00549EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:13 p.m.35 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS0.00549EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/07/06 2:13 p.m.6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

7.5CVSS6AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2026/07/05 2:17 a.m.5 views

UBUNTU-CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/05 1:30 a.m.40 views

CVE-2026-14570 Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

0.00508EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:30 a.m.9 views

CVE-2026-14570

Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search. The signing nonce a...

5.9AI score0.00508EPSS
Exploits0References4
CVE
CVE
added 2026/07/05 1:30 a.m.22 views

CVE-2026-14570

CVE-2026-14570 affects Crypt::DSA for Perl up to version 1.21, where Crypt::DSA::Util::makerandom biases the top bit to produce N-bit integers. This causes the DSA signing nonce and the private key to be drawn from a non-uniform distribution. Attackers who observe a modest number of signatures un...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References4
Fedora
Fedora
added 2026/07/05 1:10 a.m.6 views

[SECURITY] Fedora 44 Update: perl-Crypt-ScryptKDF-0.011-1.fc44

Scrypt is a password-based key derivation function like for example PBKDF2. Scrypt was designed to be "memory-hard" algorithm in order to make it expensive to perform large scale custom hardware attacks...

4.8CVSS5.9AI score0.00222EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/07/01 12:0 a.m.7 views

openvpn -- multiple vulnerabilities

The OpenVPN community project team reports: ... OpenVPN 2.7.5 ... is a bugfix release fixing several security issues: Fix use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel + authentication packets CVE-2026-12996 Fix use-after-free bug in tlswrapreneg,...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References2
Rows per page
Query Builder