
23343 matches found

OPENSUSE Linux
added 2026/04/30 12:0 a.m., 5 views

python311-pyOpenSSL-26.1.0-1.1 on GA media (moderate)

python311-pyOpenSSL-26.1.0-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10646-1; Rating: moderate; Cross-References: CVE-2026-40475; CVSS scores: CVE-2026-40475 SUSE: 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H; CVE-2026-40475 SUSE: 6.8...

6.8 CVSS, 5.3 AI score
Exploits: 0
OSV
added 2026/04/29 9:37 a.m., 4 views

CLSA-2026-1777455447 openssl: Fix of CVE-2026-28387

CVE-2026-28387: fix use-after-free / double-free in dane_match by releasing the previously stored dane-mcert with X509_free instead of OPENSSL_free; the slot is reference-bumped via X509_up_ref so the matching free is X509_free...

8.1 CVSS, 5.8 AI score, 0.00631 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/04/29 9:0 a.m., 9 views

CVE-2026-41677

A flaw was found in rust-openssl, a library that provides OpenSSL functionalities for Rust applications. The library's password callback functions did not correctly check the size of data provided by a user's callback. This oversight could allow a specially crafted password callback to read beyon...

9.1 CVSS, 4.8 AI score, 0.00294 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/29 12:0 a.m., 10 views

Fedora 43 : edk2 (2026-a484707720)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a484707720 advisory. Advisory text: "unbreak https boot"; "update openssl to 3.5.6". Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

7.5 CVSS, 5.4 AI score, 0.00805 EPSS
Exploits: 0, References: 2
OSV
added 2026/04/28 10:7 a.m., 8 views

RHSA-2026:10754 Red Hat Security Advisory: RHUI 4.11.4 security update - python-pyOpenSSL

Bulletin has no description...

8.1 CVSS, 4.1 AI score, 0.00704 EPSS
Exploits: 0, References: 10
Fedora
added 2026/04/28 1:0 a.m., 6 views

[SECURITY] Fedora 43 Update: openvpn-2.6.20-1.fc43

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for...

6.9 CVSS, 5.3 AI score, 0.00317 EPSS
Exploits: 0
Fedora
added 2026/04/28 1:0 a.m., 11 views

[SECURITY] Fedora 43 Update: openssl-3.5.4-3.fc43

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

9.8 CVSS, 7.8 AI score, 0.00981 EPSS
Exploits: 0
Tenable Nessus
added 2026/04/28 12:0 a.m., 8 views

Fedora 43 : openssl (2026-47fffff581)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-47fffff581 advisory. Advisory text: "Backport security patches from OpenSSL 3.5.6". Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.5 CVSS, 5.5 AI score, 0.00805 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/28 12:0 a.m., 16 views

Juniper Junos OS Multiple Vulnerabilities (JSA88107)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA88107 advisory. - Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use...

7.5 CVSS, 7.4 AI score, 0.54026 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2026/04/28 12:0 a.m., 8 views

PT-2026-35886

Name of the Vulnerable Software and Affected Versions: python-pyOpenSSL versions prior to 26.1.0-1.1. Description: Improper input handling of null bytes can lead to silent data truncation and security-state inconsistency. Recommendations: Update to version 26.1.0-1.1...

5.4 AI score
Exploits: 0, References: 5
OSV
added 2026/04/28 12:0 a.m., 4 views

OPENSUSE-SU-2026:10646-1 python311-pyOpenSSL-26.1.0-1.1 on GA media

These are all security issues fixed in the python311-pyOpenSSL-26.1.0-1.1 package on the GA media of openSUSE Tumbleweed...

5.3 AI score
Exploits: 0, References: 1
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-265 Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the...

Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS#12 files. The PKCS12_item_decrypt_d2i_ex...

7.5 CVSS, 7.9 AI score, 0.00844 EPSS
Exploits: 1, References: 8
OSV
added 2026/04/27 6:33 p.m., 7 views

JLSEC-2026-232 openssl-src contains Double free after calling `PEM_read_bio_ex`

The function PEM_read_bio_ex reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

7.5 CVSS, 7.4 AI score, 0.20444 EPSS
Exploits: 0, References: 8
OSV
added 2026/04/27 6:33 p.m., 12 views

JLSEC-2026-251 Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed...

Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...

7.5 CVSS, 6.3 AI score, 0.02945 EPSS
Exploits: 0, References: 12
OSV
added 2026/04/27 6:33 p.m., 13 views

JLSEC-2026-218 In situations where an attacker receives automated notification of the success or failure of a...

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted...

4.3 CVSS, 6.1 AI score, 0.03838 EPSS
Exploits: 0, References: 44
OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-264 Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code...

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5 CVSS, 7.8 AI score, 0.00768 EPSS
Exploits: 1, References: 8
OSV
added 2026/04/27 6:33 p.m., 13 views

JLSEC-2026-216 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with...

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are...

5.3 CVSS, 6.3 AI score, 0.14298 EPSS
Exploits: 0, References: 37
OSV
added 2026/04/27 6:33 p.m., 15 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4 CVSS, 7.7 AI score, 0.00444 EPSS
Exploits: 1, References: 8
OSV
added 2026/04/27 6:33 p.m., 10 views

JLSEC-2026-256 Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can...

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8 CVSS, 7.7 AI score, 0.47621 EPSS
Exploits: 7, References: 11
OSV
added 2026/04/27 6:33 p.m., 11 views

JLSEC-2026-219 Null pointer dereference in openssl-src

Server or client applications that call the SSL_check_chain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

7.5 CVSS, 6.2 AI score, 0.53336 EPSS
Exploits: 2, References: 42