Lucene search
K

23343 matches found

OSV
OSV
added 2026/05/19 12:0 a.m.10 views

ALSA-2026:19187 Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to...

7.4CVSS7.5AI score0.00444EPSS
Exploits1References4
OSV
OSV
added 2026/05/19 12:0 a.m.9 views

ALSA-2026:19218 Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-317...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.11 views

Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Arbitrary code execution due to...

7.4CVSS7.5AI score0.00444EPSS
Exploits1References4
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.12 views

Moderate: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key CVE-2026-317...

7.5CVSS7.3AI score0.00981EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/18 1:57 a.m.18 views

CVE-2026-7373

Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows a user to gain SYSTEM level control of a Windows host. When started the metasploitPostgreSQL service would start the postgres.exe child process which would in turn load an OpenSSL configuration file from a stat...

9.3CVSS6AI score0.0017EPSS
Exploits0References1
RubySec
RubySec
added 2026/05/18 12:0 a.m.13 views

ruby-jwt: Empty-key HMAC bypass; cross-language sibling of CVE-2026-44351

JWT.decodetoken, '', true, algorithm: 'HS256' accepts an attacker-forged token. OpenSSL::HMAC.digest'SHA256', '', payload returns a valid digest under an empty key, and no raise InvalidKeyError if key.empty? precondition exists in the HMAC algorithm. JWT.decodetoken, "", true, algorithm: 'HS256' ...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/17 9:24 p.m.10 views

Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of openssl (CVE-2026-41676, CVE-2026-41677, CVE-2026-41678, CVE-2026-41681)

Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.1 and 1.92.0.1 uses versions 0.10.73 and 0.10.74 of the openssl crate, which provides Rust bindings for the OpenSSL library. Several security-related bugs, such as buffer overflows, were identified in these versions of the...

9.8CVSS6AI score0.00373EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/17 7:16 p.m.22 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS0.00447EPSS
Exploits0References2
NVD
NVD
added 2026/05/17 7:16 p.m.25 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS0.00648EPSS
Exploits0References5
OSV
OSV
added 2026/05/17 7:16 p.m.9 views

UBUNTU-CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References9
OSV
OSV
added 2026/05/17 7:16 p.m.5 views

UBUNTU-CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.9AI score0.00648EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/17 6:51 p.m.7 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/17 6:51 p.m.7 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

5.9AI score0.00447EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/17 6:51 p.m.16 views

EUVD-2026-30707

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

5.9AI score0.00447EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/17 6:51 p.m.8 views

CVE-2026-8721

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

9.8CVSS5.9AI score0.00447EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/17 6:43 p.m.39 views

CVE-2026-8507 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

0.00648EPSS
Exploits0References4
CVE
CVE
added 2026/05/17 6:43 p.m.22 views

CVE-2026-8507

CVE-2026-8507 affects Crypt::OpenSSL::PKCS12 up to version 1.94 (Perl). The vulnerability stems from a signed integer overflow in size calculations for a 1 GiB+ OCTET STRING/BIT STRING attribute in SAFEBAGs when using info() or info_as_hash(), which can trigger a heap out-of-bounds write and remo...

9.8CVSS5.9AI score0.00648EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/17 6:43 p.m.13 views

EUVD-2026-30708

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

5.9AI score0.00648EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/17 6:43 p.m.6 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.9AI score0.00648EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/17 6:43 p.m.9 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.9AI score0.00648EPSS
Exploits0
Rows per page
Query Builder