23343 matches found
PT-2026-40963
Name of the Vulnerable Software and Affected Versions PoDoFo versions 1.0.0 through 1.0.3 Description A double-free issue exists in the compute hash to sign function within the src/podofo/private/OpenSSLInternal Ripped.cpp file. If the EVP DigestFinal function fails after the buf variable has bee...
AMD AIM-T Manageability Service 代码问题漏洞
AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the OCSP stapling process with Apple SecTrust. An attacker can cause the client to accept invalid or revoked server certificates by exploiting the failure to properly detect OCSP response problems. Not...
Updated php packages fix security vulnerabilities
FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint. CVE-2026-6735 MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in phpmbcheckencoding via mberegsearchinit. CVE-2026-7259 OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDOFirebird: Fixed GHSA-w476-322c-wpvm SQL injection...
Security Bulletin: Vulnerabilities in openssl affects IBM Netezza Appliance
Summary The openssl package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2026-22796, CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419, CVE-2025-69418, CVE-2025-68160, CVE-2025-66199, CVE-2025-15469, CVE-2025-15468, CVE-2025-15467,...
Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017581)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017581 advisory. Calls to EVPCipherUpdate, EVPEncryptUpdate and EVPDecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum...
Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017587)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017587 advisory. The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509...
SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1711-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1711-1 advisory. This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS...
Fedora 42 : openssl (2026-7af660d639)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7af660d639 advisory. Validate RSApublicencrypt result in RSASVE Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...
CLSA-2026-1778061272 openssl: Fix of CVE-2026-28388
CVE-2026-28388: fix NULL pointer dereference in checkdeltabase when delta CRL lacks CRL Number extension...
CLSA-2025-1751550314 openssl: Fix of CVE-2024-12797
RFC7250 handshakes with unauthenticated servers don't abort as expected CVE-2024-12797 Resolves: RHEL-76755...
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec,...
GHSA-XV59-967R-8726 rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
CipherCtxRef::cipherupdate, CipherCtxRef::cipherupdatevec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVPaes128,192,256wrappad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec,...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
pyOpenSSL: DTLS cookie callback buffer overflow
A flaw was found in pyOpenSSL. The setcookiegeneratecallback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a...
CVE-2026-40004
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...
CVE-2026-40004
Technical details about CVE-2026-40004 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or fixes are present here. Monitor for updates from vendors and security feeds for confirmation and remediation guidance.
CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...
GHSA-FF6C-W6QF-7XQC CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content
Summary The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning any HTTPS certificate—even entirely untrusted—will...
RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...