Lucene search
K

62 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:2396-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2396-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References23
OSV
OSV
added 2026/06/15 3:5 p.m.6 views

SUSE-SU-2026:2399-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. - CVE-2026-28388: NULL Pointer Dereference When Processing a Delt...

8.8CVSS8.3AI score0.02719EPSS
Exploits0References16
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-42765

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS0.00419EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 12:34 p.m.9 views

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

9.8CVSS7.6AI score0.4581EPSS
Exploits18References23
RedHat Linux
RedHat Linux
added 2026/05/19 1:26 p.m.13 views

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

7.5CVSS6.6AI score0.00498EPSS
Exploits0References5
OSV
OSV
added 2026/05/15 2:1 p.m.8 views

OESA-2026-2316 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

9.8CVSS5.8AI score0.01325EPSS
Exploits2References7
Ubuntu
Ubuntu
added 2026/05/06 7:55 p.m.16 views

USN-8239-1: Apache HTTP Server vulnerabilities

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitra...

9.8CVSS6.3AI score0.4581EPSS
Exploits18
ATTACKERKB
ATTACKERKB
added 2026/05/05 1:10 p.m.9 views

CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/05 12:0 a.m.2 views

UBUNTU-CVE-2026-29168

Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's modmd via OCSP response data. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References3
OSV
OSV
added 2026/04/30 6:16 p.m.6 views

ALPINE-CVE-2026-3832

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...

3.7CVSS5.8AI score0.0072EPSS
Exploits1References1
CVE
CVE
added 2026/04/30 5:41 p.m.24 views

CVE-2026-3832

CVE-2026-3832 affects the gnutls library. A logic error in processing multi-record OCSP responses during TLS handshakes can cause a client with OCSP verification enabled to incorrectly accept a revoked server certificate, potentially compromising trust. The available documents describe the vulner...

3.7CVSS5.4AI score0.0072EPSS
Exploits1References9Affected Software4
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.10 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.5.1.2)

The version of AOS installed on the remote host is prior to 7.5.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.5.1.2 advisory. - LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raste...

8.3CVSS6.7AI score0.96775EPSS
Exploits232References11
EUVD
EUVD
added 2025/10/27 11:30 a.m.4 views

EUVD-2025-36160

Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid...

8.2CVSS6.6AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-8297

Malware in sbrugna...

7.5CVSS8.5AI score0.02437EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2013-0205

Malware in sbrugna...

5CVSS7.9AI score0.1965EPSS
Exploits0References38
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2022-4552

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.01174EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-0179

Malicious code in bioql PyPI...

7.8CVSS6.3AI score0.00246EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 6:43 p.m.9 views

CVE-2021-37155

wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP response...

9.8CVSS6.8AI score0.01493EPSS
Exploits0References1
NVD
NVD
added 2025/01/29 9:15 p.m.17 views

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the...

7.8CVSS0.00246EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/01/29 8:50 p.m.11 views

snowflake-connector-python vulnerable to insecure deserialization of the OCSP response cache

Issue Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue...

7.8CVSS6.8AI score0.00246EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder