Lucene search
K

438 matches found

OSV
OSV
added 2026/05/06 12:54 p.m.6 views

CLSA-2026-1778072039 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...

7.5CVSS6AI score0.00981EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.32 views

CVE-2026-43080 l2tp: Drop large packets with UDP encap

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

0.00122EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/06 7:40 a.m.4 views

CVE-2026-43080

In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series 1. The actual issue is an overflow of 16-bit UDP length field, and it exists in the upstream code. My series added a debug WARN with an overflow...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
OSV
OSV
added 2026/05/05 2:29 a.m.7 views

CLSA-2026-1777948139 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSApublicencrypt return value and cleansing secret on failure...

7.5CVSS5.8AI score0.00981EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/05 12:0 a.m.18 views

VulnCheck KEV: CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN Virtual Extensible LAN, decap-groups, or a GRE Generic Routing Encapsulation tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9CVSS5.4AI score0.00836EPSS
In wildExploits1References4
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.18 views

PT-2026-46983

Name of the Vulnerable Software and Affected Versions Arista EOS affected versions not specified Description On platforms running Arista EOS with tunnel decapsulation configurations—such as VXLAN Virtual Extensible LAN, decap-groups, or GRE Generic Routing Encapsulation tunnel interfaces—the swit...

6.9CVSS6AI score0.00836EPSS
Exploits1References28
Arista
Arista
added 2026/05/05 12:0 a.m.33 views

Security Advisory 0137

Security Advisory 0137 PDF Date: May 5, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 5, 2026 | Initial release 1.1 | May 7, 2026 | Clarified 7280R3, 7500R3 and 7800R3 exposure is limited 1.2 | May 13, 2026 | Updated Mitigation section with a note of caution 1.3 | May 20, 2026 | Updated...

6.9CVSS5.7AI score0.00836EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 10:3 p.m.8 views

Security Bulletin: Multiple vulnerabilities impact AIX due to OpenSSL

Summary Vulnerabilities in OpenSSL could send contents of an uninitialized memory buffer CVE-2026-31790, cause a use-after-free CVE-2026-28387, cause a NULL pointer dereference CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, or lead to a buffer overflow CVE-2026-31789. OpenSSL is used by AIX as...

9.8CVSS7.8AI score0.00981EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/05/03 9:56 a.m.7 views

OESA-2026-2161 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious...

7.5CVSS7.4AI score0.00981EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2026:1639-1)

"The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1639-1 advisory. Update to version 1.84. Security issues fixed: - CVE-2025-14813: GOSTCTR implementation unable to process mor...

9.9CVSS5.8AI score0.00758EPSS
Exploits0References16
RedHat Linux
RedHat Linux
added 2026/04/30 1:58 p.m.6 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

7.5CVSS7.6AI score0.00981EPSS
Exploits0References5
OSV
OSV
added 2026/04/27 6:33 p.m.13 views

JLSEC-2026-277 Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key...

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

7.5CVSS8.1AI score0.00981EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013373)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013373 advisory. In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in gtpencapdestroy. syzkaller reported use-after-free in gtpencapdestroy....

5.9AI score0.00195EPSS
Exploits0References4
OSV
OSV
added 2026/04/13 3:48 p.m.12 views

SUSE-SU-2026:21107-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2026-2673: TLS 1.3 servers may choose unexpected key agreement group bsc1259652. - CVE-2026-28387: potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL pointer dereference when processing...

9.8CVSS7.6AI score0.00981EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/13 8:10 a.m.3 views

Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

7.3CVSS6.2AI score0.00981EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.23 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1586)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1586 advisory. Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388...

8.1CVSS7.4AI score0.00981EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/04/11 12:0 a.m.4 views

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:1257-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1257-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processi...

9.8CVSS7.7AI score0.00981EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/04/11 12:0 a.m.15 views

SUSE SLES12: libopenssl-1_0_0-devel / libopenssl-1_0_0-devel-32bit / etc (SUSE-SU-2026:1256-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1256-1 advisory. - CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta C...

9.8CVSS7.7AI score0.00981EPSS
Exploits0References16
SUSE Linux
SUSE Linux
added 2026/04/10 3:6 p.m.4 views

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

7.3CVSS6.1AI score0.00981EPSS
Exploits0References20
SUSE Linux
SUSE Linux
added 2026/04/10 2:57 p.m.7 views

Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code bsc1260441. CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL bsc1260442. CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

7.3CVSS6.1AI score0.00981EPSS
Exploits0References20
Rows per page
Query Builder