Lucene search
K

105 matches found

Vulnrichment
Vulnrichment
added 2026/04/07 10:0 p.m.4 views

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.2AI score0.00631EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.12 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.3AI score0.00631EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 10:0 p.m.30 views

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

0.00631EPSS
Exploits0References6
CVE
CVE
added 2026/04/07 10:0 p.m.145 views

CVE-2026-28387

CVE-2026-28387 is a vulnerability in the DANE client code of OpenSSL related to an uncommon TLSA record configuration that may cause a use-after-free or double-free on the client. Public advisories across multiple vendors confirm the issue and reference OpenSSL versions affected and available fix...

8.1CVSS6.3AI score0.00631EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/04/07 10:0 p.m.4 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00631EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-28387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may...

8.1CVSS8.2AI score0.00631EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 12:0 a.m.5 views

UBUNTU-CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00631EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

8.1CVSS7.5AI score0.00631EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/07 12:0 a.m.6 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.1AI score0.00631EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

OpenSSL Security Advisory 20260407

OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...

7.5CVSS6.1AI score0.01059EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-31036

Name of the Vulnerable Software and Affected Versions versions not specified Description An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side....

8.1CVSS6.1AI score0.01059EPSS
Exploits0References122
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-4352

Malware in sbrugna...

5CVSS6.1AI score0.0192EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2013-4335

Malware in sbrugna...

5CVSS6AI score0.01978EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.30 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-591)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-591 advisory. A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios...

5.3CVSS6.2AI score0.00718EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/02/20 12:0 a.m.29 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-521)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-521 advisory. A vulnerability was found in GnuTLS, where a cockpit which uses gnuTLS rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with...

7.5CVSS6.6AI score0.01408EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/01/08 12:0 a.m.26 views

Amazon Linux 2023 : gnutls, gnutls-c++, gnutls-dane (ALAS2023-2024-463)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-463 advisory. A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. Only TLS ciphertext...

5.9CVSS6.5AI score0.01257EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.2 views

SUSE CVE-2013-4466

Buffer overflow in the danequerytlsa function in the DANE library libdane in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries...

5CVSS6.7AI score0.01978EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:35 a.m.4 views

SUSE CVE-2013-4487

Off-by-one error in the danerawtlsa in the DANE library libdane in GnuTLS 3.1.x before 3.1.16 and 3.2.x before 3.2.6 allows remote servers to cause a denial of service memory corruption via a response with more than four DANE entries. NOTE: this issue is due to an incomplete fix for CVE-2013-4466...

5CVSS6.5AI score0.0192EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2022/10/21 12:0 a.m.25 views

Cisco Email Security Appliance DNS Verification DoS (cisco-sa-esa-dos-MxZvGtgU)

According to its self-reported version, Cisco Email Security Appliance is affected by a vulnerability in the DNS-based Authentication of Named Entities DANE email verification component that allows an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected devic...

7.5CVSS7.7AI score0.01833EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/02/18 5:19 a.m.79 views

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance ESA that could result in a denial-of-service DoS condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 CVSS...

7.5CVSS1.4AI score0.01833EPSS
Exploits0
Rows per page
Query Builder