Lucene search
K

23343 matches found

OSV
OSV
added 2026/04/25 5:49 a.m.7 views

OESA-2026-2079 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is...

7.5CVSS6.2AI score0.00885EPSS
Exploits0References2
OSV
OSV
added 2026/04/25 5:49 a.m.8 views

OESA-2026-2045 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

8.1CVSS6.5AI score0.00885EPSS
Exploits0References5
OSV
OSV
added 2026/04/25 5:49 a.m.6 views

OESA-2026-2044 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

8.1CVSS6.5AI score0.00885EPSS
Exploits0References5
Fedora
Fedora
added 2026/04/25 1:59 a.m.10 views

[SECURITY] Fedora 44 Update: openssl-3.5.5-2.fc44

The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which provide various cryptographic algorithms and protocols...

9.8CVSS7.8AI score0.00981EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.6 views

SUSE SLES12 Security Update : python-pyOpenSSL (SUSE-SU-2026:1582-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1582-1 advisory. This update for python-pyOpenSSL fixes the following issue: - CVE-2026-27448: unhandled exception can result in connection not being cancelled...

6.3CVSS5.4AI score0.00241EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.4 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1605-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1605-1 advisory. This update for openssl-3 fixes the following issue: Security issues fixed: - CVE-2026-28390: NULL pointer dereference during processing of ...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.11 views

Fedora 44 : openssl (2026-d3e275d525)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d3e275d525 advisory. Backport security patches from OpenSSL 3.5.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Ness...

6.5CVSS7.3AI score0.00435EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 6:16 p.m.9 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.8CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.7 views

CVE-2026-41681

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from sa...

9.8CVSS0.00373EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 6:16 p.m.6 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS0.00412EPSS
Exploits0References4
NVD
NVD
added 2026/04/24 6:16 p.m.5 views

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS0.00298EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.6 views

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

9.1CVSS0.00294EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 6:16 p.m.3 views

UBUNTU-CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.6 views

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

9.1CVSS5.9AI score0.00294EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.3 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.8CVSS5.9AI score0.00294EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.7 views

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.7 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS5.8AI score0.00412EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.5 views

CVE-2026-41681

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from sa...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 6:16 p.m.4 views

UBUNTU-CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.8CVSS5.9AI score0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 6:16 p.m.3 views

UBUNTU-CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS5.9AI score0.00412EPSS
Exploits0References5
Rows per page
Query Builder