Lucene search
+L

47 matches found

CVE
CVE
added yesterday28 views

CVE-2026-45784

Summary: The rust-openssl crate contains a vulnerability in CipherCtxRef::cipher_update_inplace for AES key-wrap-with-padding ciphers (EVP_aes_{128,192,256}_wrap_pad). In versions 0.10.50–0.10.80, output buffers were incorrectly sized, causing writes up to 7 bytes past the caller’s buffer for non...

5.1CVSS5.6AI score0.00019EPSS
Exploits0References4
OSV
OSV
added 3 days ago3 views

SUSE-SU-2026:3040-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length...

9.3CVSS6.2AI score0.00359EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 3 days ago4 views

Security update for python-cryptography

This update for python-cryptography fixes the following issues CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-...

8.7CVSS6.6AI score0.00359EPSS
Exploits0References32
OSV
OSV
added 3 days ago4 views

SUSE-SU-2026:3026-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust-...

9.3CVSS6.6AI score0.00359EPSS
Exploits0References17
SUSE Linux
SUSE Linux
added 4 days ago4 views

Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. CVE-2026-41677: openssl: out-of-bounds read in PEM password...

8.7CVSS6.2AI score0.00559EPSS
Exploits1References36
OSV
OSV
added 4 days ago2 views

SUSE-SU-2026:2975-1 Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.3CVSS6.2AI score0.00559EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

openSUSE 16 Security Update : python-maturin (openSUSE-SU-2026:21285-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21285-1 advisory. This update for python-maturin fixes the following issues - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short...

9.3CVSS6.2AI score0.00359EPSS
Exploits0References24
OSV
OSV
added 2026/07/10 8:58 a.m.4 views

SUSE-SU-2026:22622-1 Security update for agama

This update for agama fixes the following issues - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length in rust- openssl crate bsc1270602. - CVE-2026-41678: openssl: incorrect bounds assertion in aes key wrap in rust-openssl crate bsc1270678. -...

9.3CVSS6.6AI score0.00359EPSS
Exploits0References15
OSV
OSV
added 2026/07/09 7:2 p.m.1 views

SUSE-SU-2026:2832-1 Security update for rustup

This update for rustup fixes the following issues Security issues: - CVE-2024-12224: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded bsc1243862. - CVE-2025-58160: tracing-subscriber: Tracing log pollution bsc1249008. - CVE-2026-41676: openssl: Deriver:derive and...

9.3CVSS7.1AI score0.00359EPSS
Exploits1References23
SUSE Linux
SUSE Linux
added 2026/07/09 6:25 a.m.3 views

Security update for python-maturin

This update for python-maturin fixes the following issues CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length bsc1270620...

8.7CVSS6.2AI score0.00359EPSS
Exploits0References32
OSV
OSV
added 2026/07/09 4:47 a.m.2 views

SUSE-SU-2026:2807-1 Security update for rust-keylime

This update for rust-keylime fixes the following issues - Update to version 0.2.9+49 - Update openssl to 0.10.81 - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270174. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.3CVSS6.6AI score0.00359EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.11 views

Debian dla-4669 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
Debian
Debian
added 2026/07/04 2:23 p.m.8 views

[SECURITY] [DLA 4669-1] php8.2 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
Debian
Debian
added 2026/07/04 12:44 p.m.9 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/18 9:9 p.m.12 views

PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service

Impact When a JWE uses a password-based key-encryption algorithm PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, PBES2AESKW::unwrapKey reads the p2c PBKDF2 iteration count parameter directly from the attacker-controlled JOSE header and passes it to hashpbkdf2 with no upper bound. The...

5.6AI score
Exploits0References6Affected Software2
OSV
OSV
added 2026/05/19 7:50 p.m.28 views

GHSA-PHQJ-4MHP-Q6MQ rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers

CipherCtxRef::cipherupdateinplace incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec, producing attacker-controllable heap corruption whe...

5.1CVSS5.8AI score0.00019EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-42029

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description The CipherCtxRef::cipher update inplace function incorrectly sizes output buffers when utilizing AES key-wrap-with-padding ciphers, specifically EVP aes 128 wrap pad, EVP aes 192 wrap pad, an...

5.1CVSS6AI score0.00019EPSS
Exploits0References126
NVD
NVD
added 2026/05/14 9:16 p.m.12 views

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS0.00172EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/14 9:16 p.m.18 views

CVE-2026-44662

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 8:18 p.m.59 views

CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.0 to before 0.10.79, CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad...

5.1CVSS0.00172EPSS
Exploits0References1
Rows per page
Query Builder