
23303 matches found

ATTACKERKB
added 5 days ago, 6 views

CVE-2026-55961

wolfSSL_PKCS7_verify returning success for a degenerate certs-only PKCS7 object that contains no signer. Such an object has empty signerInfos, so the underlying signed-data verification succeeds without authenticating any content. The compatibility-layer verify path now rejects the object when no...

CVSS: 8.2; AI score: 5.8; EPSS: 0.00095
Exploits: 0; References: 3; Affected Software: 1
EUVD
added 5 days ago, 6 views

EUVD-2026-39486

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

CVSS: 6; AI score: 5.9; EPSS: 0.00121
Exploits: 0; References: 2
CVE
added 5 days ago, 14 views

CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. The vulnerability affects the wolfSSL OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_E...

CVSS: 6.5; AI score: 5.9; EPSS: 0.00121
Exploits: 0; References: 2; Affected Software: 1
OSV
added 5 days ago, 3 views

RHSA-2026:28832 Red Hat Security Advisory: openssl-fips-provider security update

Bulletin has no description...

CVSS: 5.9; AI score: 7.3; EPSS: 0.00981
Exploits: 0; References: 8
Positive Technologies
added 5 days ago, 6 views

PT-2026-52563

Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified). Description: An X.509 trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL_X509_verify_cert. This issue occurs in builds configured with --enable-opensslextra OPENS...

CVSS: 8.7; AI score: 5.8; EPSS: 0.00145
Exploits: 0; References: 6
Positive Technologies
added 5 days ago, 7 views

PT-2026-52573

Name of the Vulnerable Software and Affected Versions: wolfSSL (affected versions not specified). Description: An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...

CVSS: 6.3; AI score: 5.8; EPSS: 0.00118
Exploits: 0; References: 5
Positive Technologies
added 5 days ago, 5 views

PT-2026-52604

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified). Description: An issue exists in the EVP_DigestVerifyFinal function where a zero-length tag could be accepted as valid during HMAC (Hash-based Message Authentication Code)...

CVSS: 7.5; AI score: 5.7; EPSS: 0.00147
Exploits: 0; References: 9
RedHat Linux
added 6 days ago, 4 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

CVSS: 7.5; AI score: 7.3; EPSS: 0.00981
Exploits: 0; References: 5
RedHat Linux
added 6 days ago, 7 views

Moderate: Red Hat Security Advisory: openssl-fips-provider security update

An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions, Red Hat Enterprise Linux 9.4 Extended Update Support, and Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a...

CVSS: 7.5; AI score: 7.2; EPSS: 0.00981
Exploits: 0; References: 2
RedHat Linux
added last week, 6 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl-fips-provider: openssl-fips-provider-3.0.7-1.2.hum1 (aarch64, x86_64), openssl-fips-provider-so-3.0.7-1.2.hum1 (aarch64, x86_64), openssl-fips-provider-3.0.7-1.2.hum1.src (src)...

CVSS: 7.5; AI score: 7.3; EPSS: 0.00981
Exploits: 0; References: 3
RedHat Linux
added 2026/06/22 3:13 p.m., 7 views

openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group

A key group selection preference flaw has been discovered in OpenSSL. An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword. A less preferred key exchange may be used...

CVSS: 6.5; AI score: 5.8; EPSS: 0.00435
Exploits: 0; References: 7
OSV
added 2026/06/22 10:6 a.m., 5 views

RHSA-2026:27745 Red Hat Security Advisory: openssl-fips-provider security update

Bulletin has no description...

CVSS: 5.9; AI score: 5.8; EPSS: 0.00981
Exploits: 0; References: 8
OSV
added 2026/06/22 10:6 a.m., 5 views

RHSA-2026:27746 Red Hat Security Advisory: openssl-fips-provider security update

Bulletin has no description...

CVSS: 5.9; AI score: 7.4; EPSS: 0.00981
Exploits: 0; References: 8
OSV
added 2026/06/22 10:6 a.m., 4 views

RHSA-2026:27744 Red Hat Security Advisory: openssl-fips-provider security update

Bulletin has no description...

CVSS: 5.9; AI score: 7.1; EPSS: 0.00981
Exploits: 0; References: 8
RedHat Linux
added 2026/06/22 4:56 a.m., 9 views

Moderate: Red Hat Security Advisory: openssl-fips-provider security update

An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5; AI score: 6.1; EPSS: 0.00981
Exploits: 0; References: 2
RedHat Linux
added 2026/06/22 4:56 a.m., 9 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

CVSS: 7.5; AI score: 6; EPSS: 0.00981
Exploits: 0; References: 5
RedHat Linux
added 2026/06/22 4:37 a.m., 4 views

openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key

A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...

CVSS: 7.5; AI score: 7.4; EPSS: 0.00981
Exploits: 0; References: 5
RedHat Linux
added 2026/06/22 4:37 a.m., 7 views

Moderate: Red Hat Security Advisory: openssl-fips-provider security update

An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS: 7.5; AI score: 7.3; EPSS: 0.00981
Exploits: 0; References: 2
RedHat Linux
added 2026/06/22 3:57 a.m., 8 views

Moderate: Red Hat Security Advisory: openssl-fips-provider security update

An update for openssl-fips-provider is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS: 7.5; AI score: 7.3; EPSS: 0.00981
Exploits: 0; References: 2
OSV
added 2026/06/20 2:16 a.m., 9 views

DEBIAN-CVE-2026-9265

Crypt::OpenSSL::PKCS12 versions before 1.96 for Perl permits a heap OOB read in print_attribute UTF8STRING path. print_attribute copies a UTF8STRING ASN.1 attribute value into a heap buffer sized exactly to its declared length via strncpy, leaving no NUL terminator. Downstream callers run strlen on...

CVSS: 9.1; AI score: 6.1; EPSS: 0.00354
Exploits: 0; References: 1