23343 matches found

Positive Technologies
added 2026/05/14 12:0 a.m., 12 views

PT-2026-40963

Name of the Vulnerable Software and Affected Versions: PoDoFo versions 1.0.0 through 1.0.3. Description: A double-free issue exists in the compute_hash_to_sign function within the src/podofo/private/OpenSSLInternal_Ripped.cpp file. If the EVP_DigestFinal function fails after the buf variable has bee...

CVSS 2.5, AI score 5.4, EPSS 0.00096
Exploits 0, References 12
CNNVD
added 2026/05/14 12:0 a.m., 13 views

AMD AIM-T Manageability Service Code Issue Vulnerability

AMD AIM-T Manageability Service is an industrial-grade remote device management service provided by American semiconductor company AMD. It supports operations and maintenance of edge computing nodes. There are code vulnerabilities in AMD AIM-T Manageability Service. These vulnerabilities stem fro...

CVSS 7, AI score 6, EPSS 0.00109
Exploits 0, References 1
Snyk
added 2026/05/13 11:16 a.m., 10 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the OCSP stapling process with Apple SecTrust. An attacker can cause the client to accept invalid or revoked server certificates by exploiting the failure to properly detect OCSP response problems. Not...

CVSS 9.1, AI score 5.7, EPSS 0.00267
Exploits 1, References 2
Mageia
added 2026/05/13 7:0 a.m., 12 views

Updated php packages fix security vulnerabilities

FPM: Fixed GHSA-7qg2-v9fj-4mwv XSS within status endpoint (CVE-2026-6735). MBString: Fixed GHSA-wm6j-2649-pv75 Null pointer dereference in php_mb_check_encoding via mb_ereg_search_init (CVE-2026-7259). OpenSSL: Fix compatibility issues with OpenSSL 4.0. PDO_Firebird: Fixed GHSA-w476-322c-wpvm SQL injection...

CVSS 9.8, AI score 5.9, EPSS 0.0076
Exploits 1, References 2
IBM Security Bulletins
added 2026/05/12 6:56 a.m., 16 views

Security Bulletin: Vulnerabilities in openssl affects IBM Netezza Appliance

Summary: The openssl package is used by IBM Netezza Appliance. IBM Netezza Appliance has addressed the applicable CVEs: CVE-2026-22796, CVE-2026-22795, CVE-2025-69421, CVE-2025-69420, CVE-2025-69419, CVE-2025-69418, CVE-2025-68160, CVE-2025-66199, CVE-2025-15469, CVE-2025-15468, CVE-2025-15467,...

CVSS 9.8, AI score 7.5, EPSS 0.47621
Exploits 7, Affected Software 1
Tenable Nessus
added 2026/05/11 12:0 a.m., 11 views

Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017581)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017581 advisory. Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum...

CVSS 7.5, AI score 5.8, EPSS 0.50732
Exploits 0, References 4
Tenable Nessus
added 2026/05/11 12:0 a.m., 10 views

Unity Linux 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-017587)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017587 advisory. The OpenSSL public API function X509_issuer_and_serial_hash attempts to create a unique hash value based on the issuer and serial number data contained within an X509...

CVSS 5.9, AI score 6.7, EPSS 0.07471
Exploits 0, References 4
Tenable Nessus
added 2026/05/10 12:0 a.m., 9 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1711-1)

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1711-1 advisory. This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS...

CVSS 7.5, AI score 5.9, EPSS 0.00805
Exploits 0, References 4
Tenable Nessus
added 2026/05/09 12:0 a.m., 6 views

Fedora 42 : openssl (2026-7af660d639)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-7af660d639 advisory. Validate RSA_public_encrypt result in RSASVE. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus...

AI score 5.8
Exploits 0, References 1
OSV
added 2026/05/08 11:47 a.m., 5 views

CLSA-2026-1778061272 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in check_delta_base when delta CRL lacks CRL Number extension...

CVSS 7.5, AI score 5.8, EPSS 0.00885
Exploits 0, References 1
OSV
added 2026/05/08 10:36 a.m., 4 views

CLSA-2025-1751550314 openssl: Fix of CVE-2024-12797

RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797). Resolves: RHEL-76755...

CVSS 6.3, AI score 6.9, EPSS 0.02357
Exploits 0, References 1
Github Security Blog
added 2026/05/07 10:33 p.m., 10 views

rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding

CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVP_aes_{128,192,256}_wrap_pad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec,...

CVSS 5.1, AI score 5.9, EPSS 0.00172
Exploits 0, References 3, Affected Software 1
OSV
added 2026/05/07 10:33 p.m., 5 views

GHSA-XV59-967R-8726 rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding

CipherCtxRef::cipher_update, CipherCtxRef::cipher_update_vec, and symm::Crypter::update incorrectly sized output buffers when used with AES key-wrap-with-padding ciphers EVP_aes_{128,192,256}_wrap_pad. For a non-multiple-of-8 input, OpenSSL writes up to 7 bytes past the end of the caller's buffer or Vec,...

CVSS 5.1, AI score 5.9, EPSS 0.00172
Exploits 0, References 3
RedHat Linux
added 2026/05/07 6:0 p.m., 8 views

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to missing bounds checking before copying the data to a...

CVSS 9.8, AI score 6, EPSS 0.00704
Exploits 0, References 7
RedHat Linux
added 2026/05/07 5:9 p.m., 12 views

pyOpenSSL: DTLS cookie callback buffer overflow

A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to missing bounds checking before copying the data to a...

CVSS 9.8, AI score 6, EPSS 0.00704
Exploits 0, References 7
NVD
added 2026/05/07 4:16 a.m., 22 views

CVE-2026-40004

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

CVSS 7.8, EPSS 0.00137
Exploits 0, References 1
CVE
added 2026/05/07 3:47 a.m., 26 views

CVE-2026-40004

Technical details about CVE-2026-40004 are not publicly provided in the supplied documents. No explicit affected products, versions, impact, or fixes are present here. Monitor for updates from vendors and security feeds for confirmation and remediation guidance.

CVSS 7.8, AI score 6.2, EPSS 0.00137
Exploits 0, References 1, Affected Software 1
Cvelist
added 2026/05/07 3:47 a.m., 49 views

CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

CVSS 5.5, EPSS 0.00137
Exploits 0, References 1
OSV
added 2026/05/07 2:6 a.m., 4 views

GHSA-FF6C-W6QF-7XQC CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content

Summary: The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning any HTTPS certificate—even entirely untrusted—will...

CVSS 5.8, AI score 5.8, EPSS 0.00146
Exploits 0, References 7
Tenable Nessus
added 2026/05/07 12:0 a.m., 19 views

RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

CVSS 9.8, AI score 7.2, EPSS 0.09436
Exploits 3, References 32