
23343 matches found

CNNVD
added 2026/05/07 12:0 a.m. | 12 views

ZTE ZXCLOUD iRAI Code Issue Vulnerability

ZTE ZXCLOUD iRAI is a virtualized device from China's ZTE Corporation. It has a code issue vulnerability that stems from an openssl.cnf privilege escalation issue. This vulnerability could allow attackers to execute arbitrary code locally and escalate their privileges...

CVSS 7.8 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/07 12:0 a.m. | 19 views

RHEL 9 : Satellite 6.18.5 Async Update (Important) (RHSA-2026:14835)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14835 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

CVSS 9.8 | AI score 7.2 | EPSS 0.09436
Exploits: 3 | References: 32
Tenable Nessus
added 2026/05/07 12:0 a.m. | 15 views

RHEL 9 : Satellite 6.17.8 Async Update (Important) (RHSA-2026:14873)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14873 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity t...

CVSS 9.8 | AI score 6.9 | EPSS 0.00812
Exploits: 3 | References: 22
Positive Technologies
added 2026/05/07 12:0 a.m. | 11 views

PT-2026-38328

There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges...

CVSS 5.5 | AI score 6.2 | EPSS 0.00137
Exploits: 0 | References: 2
Hacker One
added 2026/05/06 9:23 p.m. | 31 views

curl: CURLOPT_PROXY_CRLFILE / CURLOPT_PROXY_ISSUERCERT / CURLOPT_PROXY_ISSUERCERT_BLOB silently ignored on backends that don't support them

From the Mythos report 2026-05-06 F1. CURLOPT_PROXY_CRLFILE / CURLOPT_PROXY_ISSUERCERT / CURLOPT_PROXY_ISSUERCERT_BLOB silently ignored on backends that don't support them — severity Low https://github.com/curl/curl/blob/455bebc2c7/lib/setopt.c#L1786-L1797...

CVSS 6.5 | AI score 6.5 | EPSS 0.01299
Exploits: 3
Chainguard
added 2026/05/06 7:17 p.m. | 12 views

CVE-2026-41898 vulnerabilities

Vulnerabilities for packages: sccache, deno, guestproxyagent, rustls-openssl-client, sqlx, typst, vector, rustup, sdp-k8s-injector, bootc, rpm-sequoia, ztunnel-fips, komodo, valkey-ldap, sentry-cli...

CVSS 9.8 | AI score 5.8 | EPSS 0.00412
Exploits: 0
Fedora
added 2026/05/06 4:48 p.m. | 12 views

[SECURITY] Fedora 43 Update: pyOpenSSL-26.1.0-1.fc43

High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; an extensive error-handling mechanism, mirroring OpenSSL's error codes...

AI score 5.8
Exploits: 0
RedHat Linux
added 2026/05/06 3:56 p.m. | 21 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: openssl: openssl-3.5.6-0.3.hum1 (aarch64, x86_64), openssl-config-fips-3.5.6-0.3.hum1 (aarch64, x86_64), openssl-devel-3.5.6-0.3.hum1 (aarch64, x86_64), openssl-devel-engine-3.5.6-0.3.hum1 (aarch64, x86_64)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00805
Exploits: 0 | References: 3
OSV
added 2026/05/06 12:54 p.m. | 4 views

CLSA-2026-1778072039 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSA_public_encrypt return value and cleansing secret on failure...

CVSS 7.5 | AI score 6 | EPSS 0.00981
Exploits: 0 | References: 1
OSV
added 2026/05/06 12:39 p.m. | 4 views

CLSA-2026-1778071148 openssl: Fix of 4 CVEs

- CVE-2026-28387: fix use of OPENSSL_free instead of X509_free on dane->mcert in dane_match (X509 reference-count bypass / UAF)
- CVE-2026-28388: fix NULL deref in check_delta_base when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number
- CVE-2026-28389: fix NULL deref in...

CVSS 9.8 | AI score 5.8 | EPSS 0.00885
Exploits: 0 | References: 1
SUSE Linux
added 2026/05/06 12:4 p.m. | 4 views

Security update for openssl-3

This update for openssl-3 fixes the following issue: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

CVSS 8.2 | AI score 5.8 | EPSS 0.00805
Exploits: 0 | References: 4
OSV
added 2026/05/06 12:4 p.m. | 7 views

SUSE-SU-2026:1711-1 Security update for openssl-3

This update for openssl-3 fixes the following issue: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)...

CVSS 7.5 | AI score 5.8 | EPSS 0.00805
Exploits: 0 | References: 3
Fedora
added 2026/05/06 12:51 a.m. | 15 views

[SECURITY] Fedora 44 Update: pyOpenSSL-26.1.0-1.fc44

High-level wrapper around a subset of the OpenSSL library, includes among others: SSL.Connection objects, wrapping the methods of Python's portable sockets; callbacks written in Python; an extensive error-handling mechanism, mirroring OpenSSL's error codes...

AI score 5.8
Exploits: 0
Positive Technologies
added 2026/05/06 12:0 a.m. | 13 views

PT-2026-37625

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.216; OpenSSL 3.x. Description: An inappropriate implementation in Tint within Google Chrome allows a remote attacker to potentially perform a sandbox escape using a crafted HTML page. In OpenSSL, a...

CVSS 9.6 | AI score 5.8 | EPSS 0.00368
Exploits: 0 | References: 157
Tenable Nessus
added 2026/05/06 12:0 a.m. | 7 views

Fedora 43 : krb5 (2026-684396998a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-684396998a advisory. - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 - Add upstream patches to build against openssl 4.0 - Make configure.ac work wit...

CVSS 5.9 | AI score 5.8 | EPSS 0.00461
Exploits: 0 | References: 3
OSV
added 2026/05/05 10:32 p.m. | 11 views

CLSA-2026-1778020314 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in check_delta_base when delta CRL lacks CRL Number extension...

CVSS 7.5 | AI score 5.8 | EPSS 0.00885
Exploits: 0 | References: 1
OSV
added 2026/05/05 10:27 p.m. | 5 views

CLSA-2026-1778020035 openssl: Fix of CVE-2026-28388

CVE-2026-28388: fix NULL pointer dereference in check_delta_base when delta CRL lacks CRL Number extension...

CVSS 7.5 | AI score 7.3 | EPSS 0.00885
Exploits: 0 | References: 1
Github Security Blog
added 2026/05/05 9:46 p.m. | 10 views

rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs

X509Ref::ocsp_responders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::from_utf8_unchecked. OpenSSL does not enforce that the underlying IA5String is ASCII, so a certificate with non-UTF-8 bytes in its OCSP accessLocation...

CVSS 8.7 | AI score 5.9 | EPSS 0.00211
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/05/05 9:8 p.m. | 3 views

CLSA-2026-1777566580 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsa_cms_decrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

CVSS 7.5 | AI score 5.8 | EPSS 0.00805
Exploits: 0 | References: 1
OSV
added 2026/05/05 2:29 a.m. | 6 views

CLSA-2026-1777948139 openssl: Fix of CVE-2026-31790

CVE-2026-31790: fix RSA KEM RSASVE encapsulation memory leak by validating RSA_public_encrypt return value and cleansing secret on failure...

CVSS 7.5 | AI score 5.8 | EPSS 0.00981
Exploits: 0 | References: 1