381 matches found
Unsafe OpenSSL Initialization Vulnerability Within AMD Manageability Software
CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62628| Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution....
Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017427)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017427 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenS...
Use of Blocking Code in Single-threaded, Non-blocking Context
Overview Affected versions of this package are vulnerable to Use of Blocking Code in Single-threaded, Non-blocking Context through the OpenSSL::KDF.pbkdf2hmac function during SCRAM authentication. An attacker can cause the Ruby client VM to become unresponsive by sending a large iteration count...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
OESA-2026-2191 compat-openssl11 security update
OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An...
[SECURITY] Fedora 42 Update: openvpn-2.6.20-1.fc42
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
CVE-2026-37554
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...
CLSA-2026-1777553052 openssl: Fix of CVE-2026-28389
CVE-2026-28389: fix NULL pointer dereference in dhcmssetsharedinfo and ecdhcmssetsharedinfo when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted...
[SECURITY] Fedora 44 Update: openvpn-2.7.3-1.fc44
OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for...
JLSEC-2026-268 Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of...
Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...
JLSEC-2026-226 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms...
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis...
JLSEC-2026-257 Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client...
Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...
Linux Distros Unpatched Vulnerability : CVE-2026-41898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind...
CVE-2026-41898
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...
CVE-2026-41678
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...
Fedora 45 : python3.6 (2026-5e7144a6af)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5e7144a6af advisory. Automatic update for python3.6-3.6.15-57.fc45. Changelog Fri Apr 17 2026 Charalampos Stratakis - 3.6.15-57 - Security fixes for CVE-2026-4786,...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the wolfSSLX509verifycert function. An attacker can bypass certificate signature validation by supplying a certificate chain where an untrusted intermediate with Basic Constraints set to CA:FALSE is...
DEBIAN-CVE-2026-5501
wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
Critical Photon OS Security Update - PHSA-2026-5.0-0810
Updates of 'openssl' packages of Photon OS have been released...
Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication
Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature fami...