Lucene search
+L

980 matches found

Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the certificate verification path, in the TLS client's OCSP stapling response handling. An attacker operating a malicious server can deliver an OCSP response via the statusrequest extension that corrupts heap memory and...

8.2CVSS7.2AI score0.00245EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.17 views

CVE-2026-42765

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS0.00419EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 4:3 p.m.37 views

CVE-2026-42765

CVE-2026-42765 describes a NULL dereference in certificate verification when OCSP response checking is enabled together with partial-chain verification. The issue triggers a crash (Denial of Service) if the verified chain lacks a self-signed trusted anchor, because for the last certificate the is...

7.5CVSS5.6AI score0.00419EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/09 4:3 p.m.2 views

CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS7.1AI score0.00419EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 4:3 p.m.61 views

CVE-2026-35188

CVE-2026-35188 describes a vulnerability in TLS OCSP stapling where a crafted stapled response delivered via the status_request extension can trigger a double-free in the TLS client’s certificate verification path. Impact: potential heap corruption, with the practical consequence of Denial of Ser...

5CVSS6AI score0.00245EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.23 views

OpenSSL Security Advisory 20260609

OpenSSL is susceptible to multiple security vulnerabilities. A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. The Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag...

9.8CVSS5.5AI score0.02719EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-44185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: fro...

7.3CVSS7AI score0.00598EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 4:16 p.m.13 views

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS0.00598EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/08 3:22 p.m.9 views

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.3CVSS5.4AI score0.00598EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:22 p.m.20 views

CVE-2026-44185

Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

5.4AI score0.00598EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.137 views

Apache 2.4.x < 2.4.68 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.68. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.68 advisory. - CVE-2026-49975, also known as HTTP/2 Bomb, is a remote denial-of-service exploit against most major web servers, including:...

9.8CVSS5.4AI score0.11471EPSS
Exploits8References13
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.19 views

TencentOS Server 4: nginx (TSSA-2026:0275)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0275 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.8CVSS9.3AI score0.21621EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.19 views

CVE-2026-42791

A flaw was found in Erlang OTP's publickey application, specifically in the Online Certificate Status Protocol OCSP response verification. A remote attacker who has obtained the private key of an expired Certificate Authority CA-designated OCSP responder certificate can forge OCSP responses. This...

6.3CVSS5.9AI score0.00316EPSS
Exploits0References9
Hacker One
Hacker One
added 2026/06/05 11:44 a.m.69 views

curl: GnuTLS OCSP stapling accepts unrelated SingleResponse (no cert-ID binding)

Summary This report describes a variant of the publicly disclosed curl vulnerability CVE-2020-8286 OCSP stapling verification bypass, found in the GnuTLS TLS backend lib/vtls/gtls.c. The original CVE affected the NSS backend; this variant reproduces the same logical class of defect — accepting...

7.5CVSS6.8AI score0.04575EPSS
Exploits1
OSV
OSV
added 2026/06/05 11:1 a.m.7 views

OPENSUSE-SU-2026:20907-1 Security update for erlang

This update for erlang fixes the following issues - CVE-2025-4748: improper limitation of a pathname may lead to path traversal bsc1244642. - CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in SFTP chroot bsc1262503. - CVE-2026-42789: publickey...

8.1CVSS6.5AI score0.00354EPSS
Exploits0References10
OSV
OSV
added 2026/06/05 10:59 a.m.5 views

SUSE-SU-2026:22082-1 Security update for erlang

This update for erlang fixes the following issues - CVE-2025-4748: improper limitation of a pathname may lead to path traversal bsc1244642. - CVE-2026-32147: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in SFTP chroot bsc1262503. - CVE-2026-42789: publickey...

8.1CVSS5.3AI score0.00354EPSS
Exploits0References11
Hacker One
Hacker One
added 2026/06/04 1:45 a.m.32 views

Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions

Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...

7.5CVSS6.1AI score0.01056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.20 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : nginx vulnerabilities (USN-8375-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8375-1 advisory. It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SM...

9.2CVSS9.1AI score0.61469EPSS
Exploits43References13
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.13 views

Erlang/OTP 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 OCSP Expired Responder Certificate Bypass (CVE-2026-42791)

The version of Erlang/OTP installed on the remote host is 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses...

6.3CVSS5.8AI score0.00316EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 8:12 p.m.16 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

8.1CVSS5.8AI score0.00121EPSS
Exploits0References1
Rows per page
Query Builder