Lucene search

36 matches found

NVD
added 2026/06/09 5:17 p.m. | 8 views

CVE-2026-42770

Issue summary: When EVP_PKEY_derive_set_peer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

CVSS 3.7 | EPSS 0.00259 | Exploits 0 | References 6

Vulnrichment
added 2026/06/09 4:3 p.m. | 11 views

CVE-2026-45447 Heap Use-After-Free in the PKCS7_verify() Function

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

AI score 5.9 | EPSS 0.02268 | Exploits 0 | References 6

Oracle linux
added 2026/06/07 12:0 a.m. | 13 views

Unbreakable Enterprise kernel security update

6.12.0-203.76.7.3 - arm64: errata: Mitigate TLBI errata on various Arm CPUs Mark Rutland Orabug: 39017589 CVE-2025-10263 - arm64: tlb: Add ARM64WORKAROUNDREPEATTLBISYNC Mark Rutland Orabug: 39017589 - arm64: tlb: allow XZR argument to TLBI ops Mark Rutland Orabug: 39017589 - arm64: cputype: Add...

CVSS 9.1 | AI score 5.5 | EPSS 0.00658 | Exploits 0

OSV
added 2026/05/03 9:56 a.m. | 3 views

OESA-2026-2161 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious...

CVSS 7.5 | AI score 7.4 | EPSS 0.00981 | Exploits 0 | References 2

OSV
added 2026/04/27 6:33 p.m. | 12 views

JLSEC-2026-277 Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key...

Issue summary: Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Impact summary: The uninitialized buffer might contain sensitive data from the previous execution of the application process whi...

CVSS 7.5 | AI score 8.1 | EPSS 0.00981 | Exploits 0 | References 8

SUSE CVE
added 2026/04/07 11:27 p.m. | 1 views

SUSE CVE-2026-28386

Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service fo...

CVSS 9.1 | AI score 6 | EPSS 0.00313 | Exploits 0 | References 3

Positive Technologies
added 2026/04/07 12:0 a.m. | 4 views

PT-2026-31035

Name of the Vulnerable Software and Affected Versions OpenSSL FIPS Module version 3.6 Description Applications utilizing AES-CFB128 encryption or decryption on systems equipped with AVX-512 and VAES support may experience an out-of-bounds read of up to 15 bytes when handling partial cipher blocks...

CVSS 9.1 | AI score 5.8 | EPSS 0.00313 | Exploits 0 | References 10

F5 Networks
added 2026/03/31 7:2 p.m. | 4 views

K000160555: OpenSSL vulnerability CVE-2026-22795

Security Advisory Description Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00144 | Exploits 1

Redos
added 2026/02/09 12:0 a.m. | 6 views

ROS-20260209-73-0011

A vulnerability in the FIPS Module component of the OpenSSL cryptographic library is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 5.6 | EPSS 0.0177 | Exploits 0

Oracle linux
added 2026/01/29 12:0 a.m. | 15 views

openssl security update

3.5.1-7.0.1fips - Update additional upstream references - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35824276 - Update FIPS module name Orabug: 35824276 3.5.1-7.0.1 - Enable openssl-fips-provider dependency Orabug: 36504822 - Temporary disable...

CVSS 9.8 | AI score 5.9 | EPSS 0.48666 | Exploits 7

OSV
added 2026/01/27 12:0 a.m. | 4 views

UBUNTU-CVE-2026-22795

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

CVSS 5.5 | AI score 6.6 | EPSS 0.00144 | Exploits 1 | References 4

OSV
added 2026/01/27 12:0 a.m. | 5 views

UBUNTU-CVE-2025-15469

Issue summary: The 'openssl dgst' command-line tool silently truncates input data to 16MB when using one-shot signing algorithms and reports success instead of an error. Impact summary: A user signing or verifying files larger than 16MB with one-shot algorithms such as Ed25519, Ed448, or ML-DSA m...

CVSS 5.5 | AI score 7.1 | EPSS 0.00176 | Exploits 1 | References 3

AstraLinux
added 2025/11/01 10:54 a.m. | 5 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: An application that uses the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the ‘no_proxy’ environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can cause a crash,...

CVSS 5.9 | AI score 6.9 | EPSS 0.02046 | Exploits 0 | References 3

EUVD
added 2025/10/15 3:30 p.m. | 6 views

EUVD-2025-34635

When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5.7 | AI score 6.4 | EPSS 0.00172 | Exploits 0 | References 2

OSV
added 2025/10/15 2:15 p.m. | 3 views

CVE-2025-60013

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the...

CVSS 4.6 | AI score 5.5 | EPSS 0.00172 | Exploits 0 | References 1

Vulnrichment
added 2025/10/15 1:55 p.m. | 2 views

CVE-2025-60013 F5OS-A FIPS HSM password vulnerability

When a highly-privileged, authenticated attacker attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, arbitrary system commands may be executed, and the FIPS hardware security module (HSM) may fail to initialize. A successful exploit can allow the...

CVSS 4.6 | AI score 5.3 | EPSS 0.00172 | Exploits 0 | References 1

Oracle linux
added 2025/09/19 12:0 a.m. | 10 views

gnutls security update

3.8.3-6.2fips - Add FIPS package change: add fips suffix to Release and set Epoch to 10 Orabug: 35925409 - Update FIPS module name for Oracle Linux Orabug: 35925409 3.8.3-6.2 - keyupdate: rework the rekeying logic RHEL-107498 3.8.3-6.1 - Fix CVE-2025-32988, CVE-2025-32989, CVE-2025-32990, and...

CVSS 8.2 | AI score 6.5 | EPSS 0.01185 | Exploits 0

Veracode
added 2025/09/09 7:24 a.m. | 4 views

Denial Of Service (DoS)

org.bouncycastle, bc-fips is vulnerable to Denial Of Service (DoS). The vulnerability is due to excessive allocation in the org.Bouncycastle.Crypto.Fips.NativeLoader module, which allows an attacker to exhaust system resources and cause a denial of service...

CVSS 1 | AI score 6.9 | EPSS 0.00137 | Exploits 0 | References 3 | Affected Software 1

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-45146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue ...

CVSS 5.5 | AI score 6.7 | EPSS 0.00434 | Exploits 1 | References 2

SUSE CVE
added 2025/01/21 4:6 a.m. | 3 views

SUSE CVE-2024-13176

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would...

CVSS 5.9 | AI score 6 | EPSS 0.00601 | Exploits 0 | References 19