23343 matches found
Fedora 43 : perl-CryptX (2026-3e1f671a17)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-3e1f671a17 advisory. 0.088 2026-04-23 - Crypt::KeyDerivation - new functions: pbkdf1openssl, bcryptpbkdf, scryptpbkdf, argon2pbkdf - Crypt::Misc - new functions: randomv7uuid,...
Fedora 43 : rust-openssl / rust-openssl-sys (2026-16a3cea414)
The remote Fedora 43 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-16a3cea414 advisory. Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114. Release notes: - openssl 0.10.77 / openssl-sys 0.9.113:...
Fedora 44 : rust-openssl / rust-openssl-sys (2026-fc9d4b5520)
The remote Fedora 44 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-fc9d4b5520 advisory. Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114. Release notes: - openssl 0.10.77 / openssl-sys 0.9.113:...
PT-2026-36501
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...
CVE-2026-37554
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...
Curl 8.17.0 < 8.20.0 OCSP Stapling Bypass
The version of curl installed on the remote host is 8.17.0 prior to 8.20.0. It is, therefore, affected by an OCSP stapling bypass vulnerability: - When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is...
EUVD-2026-26671
An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation invalid compressed point, point not on curve are not...
Vanetza 安全漏洞
Vanetza is an open source implementation of a suite of in-vehicle communication protocols by the individual developer Raphael Riebl. A security vulnerability exists in Vanetza v26.02, which stems from an OpenSSL exception in the GeoNetworking packet processing pipeline that is not correctly caugh...
CVE-2026-37554
CVE-2026-37554 affects Vanetza V2X v26.02. In the GeoNetworking packet processing pipeline, OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught within the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line ...
CLSA-2026-1777567430 openssl: Fix of CVE-2026-28390
CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...
CLSA-2026-1777567181 openssl: Fix of CVE-2026-28390
CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...
openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without prope...
Moderate: Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.2 release and security update
Red Hat JBoss Web Server 6.2.2 zip release is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 10, and Windows Server. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CV...
CLSA-2026-1777552800 openssl: Fix of CVE-2026-28389
CVE-2026-28389: fix NULL pointer dereference in dhcmssetsharedinfo and ecdhcmssetsharedinfo when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted...
CLSA-2026-1777542789 openssl: Fix of CVE-2026-28387
CVE-2026-28387: fix use-after-free / double-free in danematch by releasing the previously stored dane-mcert with X509free instead of OPENSSLfree; the slot is reference-bumped via X509upref so the matching free is X509free...
Medium: openssl
Issue Overview: NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NULL dereference when processing CMS KeyTransportRecipientInfo...
Amazon Linux 2 : openssl, --advisory ALAS2-2026-3274 (ALAS-2026-3274)
The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3274 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt...
Fedora 45 : kryoptic / pyOpenSSL / python-cryptography / rust-asn1 / etc (2026-13a0c86ba1)
The remote Fedora 45 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-13a0c86ba1 advisory. Update python-cryptography to 47.0.0 As a result, rust-asn1 is bumped to 0.24, and pyOpenSSL is bumped to 26.1. kryoptic is rebuilt with a patch to support...
Amazon Linux 2 : openssl-snapsafe, --advisory ALAS2OPENSSL-SNAPSAFE-2026-010 (ALASOPENSSL-SNAPSAFE-2026-010)
The version of openssl-snapsafe installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2OPENSSL-SNAPSAFE-2026-010 advisory. NULL Pointer Dereference When Processing a Delta CRL NOTE:...
Medium: openssl-snapsafe
Issue Overview: NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NULL dereference when processing CMS KeyTransportRecipientInfo...