Lucene search
K

384 matches found

Debian
Debian
added 2026/07/04 12:44 p.m.7 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : pyOpenSSL (EulerOS-SA-2026-2458)

According to the versions of the pyOpenSSL packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback t...

9.8CVSS5.9AI score0.00704EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 8:17 p.m.9 views

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:51 p.m.22 views

CVE-2026-55961 wolfSSL_PKCS7_verify() reports success for degenerate (certs-only) PKCS#7 with no signer

wolfSSLPKCS7verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

8.2CVSS0.00095EPSS
Exploits0References2
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/06/23 8:43 p.m.14 views

[R3] Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities

R3 Tenable Identity Exposure Version 3.93.5 Fixes Multiple Vulnerabilities Aaron Roy Tue, 06/23/2026 - 16:43 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components .NET Windows Server Hosting, NodeJS, Erlang OTP, SQ...

9.9CVSS7AI score0.65838EPSS
Exploits17
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.8 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

7.5CVSS5.8AI score0.00981EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

Amazon Linux 2 : openssl11, --advisory ALAS2-2026-3364 (ALAS-2026-3364)

The version of openssl11 installed on the remote host is prior to 1.1.1zh-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3364 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes...

8.8CVSS6.8AI score0.02719EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

SUSE SLES15 Security Update : openssl-1_1-livepatches (SUSE-SU-2026:2410-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2410-1 advisory. This update for openssl-11-livepatches fixes the following issues - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify bsc1266357. Tenable has...

8.8CVSS7.1AI score0.02719EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/17 3:51 p.m.8 views

Security Bulletin: Vulnerability in edk2 affects IBM Netezza Appliance

Summary The edk2 package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-9230 Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigge...

7.5CVSS6.7AI score0.01744EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.11 views

SUSE CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

EulerOS Virtualization 2.13.1 : openssl (EulerOS-SA-2026-2383)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...

8.1CVSS6.4AI score0.01059EPSS
Exploits0References5
Wolfi
Wolfi
added 2026/06/11 7:48 p.m.13 views

GHSA-V446-XWFM-X7MR vulnerabilities

Vulnerabilities for packages: openssl...

5.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.11 views

openssl: AES-OCB IV Ignored on EVP_Cipher() Path

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

7.5CVSS5.5AI score0.0032EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 1:21 p.m.12 views

CVE-2026-45447

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS5.4AI score0.02719EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 6:32 p.m.14 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in EVPPKEYderivesetpeer when called with a DHX X9.42 peer key. A malicious peer can recover the victim's private key. A peer presenting an X9.42 key that carries the victim's p and g, and a forged q passes all...

8.2CVSS7.1AI score0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35481

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS5.5AI score0.00684EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:30 p.m.22 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/09 6:28 p.m.15 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in ASN1mbstringncopy and ASN1mbstringcopy. An attacker supplying input on the order of 2^30 characters can overflow the signed int destination size computation for Unicode output, wrapping the allocation size ...

8.1CVSS7.2AI score0.00358EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-42764

Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...

7.5CVSS0.00684EPSS
Exploits0References4
Rows per page
Query Builder