Lucene search
K

23343 matches found

Vulnrichment
Vulnrichment
added 2026/05/14 8:17 p.m.10 views

CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:17 p.m.7 views

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 8:17 p.m.28 views

CVE-2026-42327 rust-openssl: undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

8.7CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 5:16 p.m.15 views

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS0.00096EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/14 5:16 p.m.13 views

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 5:16 p.m.7 views

UBUNTU-CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References4
Tenable Product Security Advisories
Tenable Product Security Advisories
added 2026/05/14 5:0 p.m.12 views

[R2] Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities

R2 Tenable Network Monitor 6.5.4 Fixes Multiple Vulnerabilities Jason Schavel Thu, 05/14/2026 - 13:00 Tenable Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components OpenSSL, curl, sqlite3, handlebars, expat, and dpdk were fou...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/14 4:38 p.m.28 views

CVE-2026-44348

PoDoFo 1.0.0 through before 1.0.4 contains a double‑free in compute_hash_to_sign() (OpenSSLInternal_Ripped.cpp). If EVP_DigestFinal fails after buf has already been freed, the Error path frees buf a second time, causing heap corruption. A fix is available in 1.0.4. Affected installations should u...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 4:38 p.m.9 views

CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign()

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 4:15 p.m.9 views

CVE-2026-44312 css_parser allows to MITM included https css urls

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 4:15 p.m.18 views

CVE-2026-44312

CVE-2026-44312 affects the Ruby CSS Parser gem. Prior to 2.1.0 and 1.22.0, the library does not validate HTTPS connections (OpenSSL::SSL::VERIFY_NONE), allowing a MITM attacker to inject/modify CSS content when loading stylesheets over HTTPS. The issue is fixed in 2.1.0 and 1.22.0. Remediation: u...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 3:16 p.m.11 views

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

7CVSS0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:29 p.m.11 views

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

7CVSS6.1AI score0.00109EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 2:29 p.m.14 views

CVE-2025-62628

The CVE-2025-62628 issue is tied to unsafe OpenSSL initialization in AMD Manageability Software / AMD optional tools . The root cause is initialization that allows a local, privileged attacker to inject a malicious DLL , potentially leading to arbitrary code execution . Documentation consistently...

7CVSS6.1AI score0.00109EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 2:29 p.m.8 views

EUVD-2025-209847

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

7CVSS6.1AI score0.00109EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 2:29 p.m.37 views

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

7CVSS0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:29 p.m.7 views

CVE-2025-62628

Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution...

7CVSS6.1AI score0.00109EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.13 views

AMD AIM-T Manageability Service 代码问题漏洞

AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...

7CVSS6AI score0.00109EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

rust-openssl 安全漏洞

rust-openssl is an open-source library designed for interacting with the OpenSSL library. There were security vulnerabilities in the version of rust-openssl from 0.10.0 to 0.10.79. These vulnerabilities stemmed from incorrect calculations of the output buffer size when using AES key wrap padding,...

5.1CVSS5.9AI score0.00172EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

rust-openssl 输入验证错误漏洞

rust-openssl is an open-source library in Rust that allows for interaction with the OpenSSL library. In versions 0.9.7 to 0.10.79 of rust-openssl, there was a vulnerability related to input validation errors. This vulnerability stemmed from X509Ref::ocspresponders returning the OCSP responder URL...

8.7CVSS5.9AI score0.00211EPSS
Exploits0References1
Rows per page
Query Builder