Lucene search
K

381 matches found

Amd
Amd
added 2026/05/12 12:0 a.m.12 views

Unsafe OpenSSL Initialization Vulnerability Within AMD Manageability Software

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62628| Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution....

7CVSS6AI score0.00109EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017427 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenS...

7.5CVSS6.9AI score0.06687EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/04 10:3 p.m.11 views

Use of Blocking Code in Single-threaded, Non-blocking Context

Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...

8.3CVSS5.9AI score0.00299EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/04 2:31 p.m.15 views

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...

9.8CVSS6AI score0.00704EPSS
Exploits0References7
OSV
OSV
added 2026/05/03 9:57 a.m.10 views

OESA-2026-2191 compat-openssl11 security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An...

8.1CVSS6.1AI score0.00885EPSS
Exploits1References6
Fedora
Fedora
added 2026/05/02 1:57 a.m.12 views

[SECURITY] Fedora 42 Update: openvpn-2.6.20-1.fc42

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

6.9CVSS5.8AI score0.00317EPSS
Exploits0
NVD
NVD
added 2026/05/01 4:16 p.m.8 views

CVE-2026-37554

An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...

7.5CVSS0.0035EPSS
Exploits0References5
OSV
OSV
added 2026/04/30 12:44 p.m.8 views

CLSA-2026-1777553052 openssl: Fix of CVE-2026-28389

CVE-2026-28389: fix NULL pointer dereference in dhcmssetsharedinfo and ecdhcmssetsharedinfo when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/30 12:54 a.m.7 views

[SECURITY] Fedora 44 Update: openvpn-2.7.3-1.fc44

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...

6.9CVSS5.3AI score0.00317EPSS
Exploits0
OSV
OSV
added 2026/04/27 6:33 p.m.10 views

JLSEC-2026-268 Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of...

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

5.9CVSS6.8AI score0.02016EPSS
Exploits0References9
OSV
OSV
added 2026/04/27 6:33 p.m.12 views

JLSEC-2026-226 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms...

There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...

5.9CVSS6.6AI score0.03803EPSS
Exploits0References16
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-257 Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client...

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

5.9CVSS5.3AI score0.00748EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind...

9.8CVSS6AI score0.00412EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 5:20 p.m.4 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS5.5AI score0.00412EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:18 p.m.3 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.2CVSS5.6AI score0.00294EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Fedora 45 : python3.6 (2026-5e7144a6af)

The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5e7144a6af advisory. Automatic update for python3.6-3.6.15-57.fc45. Changelog Fri Apr 17 2026 Charalampos Stratakis - 3.6.15-57 - Security fixes for CVE-2026-4786,...

9.1CVSS5.8AI score0.00579EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 5:8 a.m.8 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the wolfSSLX509verifycert function. An attacker can bypass certificate signature validation by supplying a certificate chain where an untrusted intermediate with Basic Constraints set to CA:FALSE is...

8.6CVSS5.8AI score0.00184EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 4:17 a.m.7 views

DEBIAN-CVE-2026-5501

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

8.1CVSS5.6AI score0.00184EPSS
Exploits0References1
Photon
Photon
added 2026/04/09 12:0 a.m.7 views

Critical Photon OS Security Update - PHSA-2026-5.0-0810

Updates of 'openssl' packages of Photon OS have been released...

9.8CVSS7.5AI score0.00885EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.4 views

Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication

Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature fami...

5.9AI score
Exploits0
Rows per page
Query Builder