23343 matches found

Tenable Nessus
added 2026/04/24 12:0 a.m. | 6 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1562-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1562-1 advisory. - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc126167...

7.5 CVSS | 5.5 AI score | 0.00805 EPSS
Exploits 0 | References 4
OSV
added 2026/04/23 4:48 p.m. | 5 views

SUSE-SU-2026:1582-1 Security update for python-pyOpenSSL

This update for python-pyOpenSSL fixes the following issue: - CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)...

6.3 CVSS | 5.3 AI score | 0.00241 EPSS
Exploits 0 | References 3
SUSE Linux
added 2026/04/23 4:39 p.m. | 5 views

Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to go1.25.9 (bsc#1244485). CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). CVE-2026-27144: cmd/compile:...

7.5 CVSS | 5.6 AI score | 0.00621 EPSS
Exploits 0 | References 40
OSV
added 2026/04/23 4:38 p.m. | 8 views

SUSE-SU-2026:1580-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues: - Update to go1.26.2 (bsc#1255111). - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG (bsc#1261653). - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination (bsc#1261654). - CVE-2026-27144:...

9.8 CVSS | 5.6 AI score | 0.00658 EPSS
Exploits 0 | References 22
OSV
added 2026/04/23 3:53 p.m. | 8 views

SUSE-SU-2026:1577-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInf...

9.8 CVSS | 5.7 AI score | 0.00885 EPSS
Exploits 0 | References 11
SUSE Linux
added 2026/04/23 3:53 p.m. | 3 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

8.2 CVSS | 6.1 AI score | 0.00885 EPSS
Exploits 0 | References 20
SUSE Linux
added 2026/04/23 7:6 a.m. | 5 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like Ya...

8.2 CVSS | 5.7 AI score | 0.00805 EPSS
Exploits 0 | References 4
OSV
added 2026/04/23 7:6 a.m. | 5 views

SUSE-SU-2026:1562-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)...

7.5 CVSS | 5.3 AI score | 0.00805 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/04/23 12:0 a.m. | 5 views

Oracle MySQL Server 9.x.x < 9.7.0 (April 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...

9.8 CVSS | 6.3 AI score | 0.47621 EPSS
Exploits 7 | References 26
Tenable Nessus
added 2026/04/23 12:0 a.m. | 4 views

SUSE SLES12 Security Update : openssl-1_1 (SUSE-SU-2026:1549-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1549-1 advisory. - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678). Tenable...

7.5 CVSS | 5.8 AI score | 0.00805 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/04/23 12:0 a.m. | 99 views

Oracle MySQL Server 8.4.x < 8.4.9 (April 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...

9.8 CVSS | 6.3 AI score | 0.47621 EPSS
Exploits 7 | References 23
Tenable Nessus
added 2026/04/23 12:0 a.m. | 10 views

Oracle MySQL Server 8.0.x < 8.0.46 (April 2026 CPU)

The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Packaging OpenSSL. Supported versions that are affected are 8.0.0-8.0.45,...

9.8 CVSS | 6.3 AI score | 0.47621 EPSS
Exploits 7 | References 26
Tenable Nessus
added 2026/04/23 12:0 a.m. | 7 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1550-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1550-1 advisory. - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc126167...

7.5 CVSS | 5.8 AI score | 0.00805 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/04/23 12:0 a.m. | 7 views

Fedora 45 : rust-openssl / rust-openssl-sys (2026-8f21bdd167)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-8f21bdd167 advisory. Update the openssl crate to version 0.10.78 and the openssl-sys crate to version 0.9.114. Release notes: - openssl 0.10.77 / openssl-sys 0.9.113:...

9.8 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits 0 | References 5
Github Security Blog
added 2026/04/22 9:22 p.m. | 16 views

rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive set len = buf.len() and pass it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A...

9.8 CVSS | 5.8 AI score | 0.00298 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/04/22 9:22 p.m. | 5 views

GHSA-PQF5-4PQQ-29F5 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

Deriver::derive and PkeyCtxRef::derive set len = buf.len() and pass it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extract ignore the incoming keylen, unconditionally writing the full shared secret (32/56/prime-size bytes). A...

9.2 CVSS | 5.8 AI score | 0.00298 EPSS
Exploits 0 | References 6
Github Security Blog
added 2026/04/22 9:20 p.m. | 16 views

rust-openssl has an Out-of-bounds read in PEM password callback when returning an oversized length

The from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of OpenSSL to over-read this buffer. OpenSSL 3.x is not affected by this...

9.1 CVSS | 5.9 AI score | 0.00294 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/04/22 9:17 p.m. | 5 views

GHSA-8C75-8MHR-P7R9 rust-openssl has incorrect bounds assertion in aes key wrap

Summary: aes::unwrap_key has an incorrect bounds assertion on the out buffer size, which can lead to out-of-bounds write. Details: aes::unwrap_key contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the...

9.2 CVSS | 6 AI score | 0.00294 EPSS
Exploits 0 | References 6
Github Security Blog
added 2026/04/22 9:5 p.m. | 11 views

rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check

EVP_DigestFinal always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final writes past its end, usually corrupting the stack. This is reachable from safe Rust...

9.8 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2026/04/22 9:5 p.m. | 8 views

GHSA-GHM9-CR32-G9QJ rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check

EVP_DigestFinal always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller than that, MdCtxRef::digest_final writes past its end, usually corrupting the stack. This is reachable from safe Rust...

9.3 CVSS | 5.8 AI score | 0.00373 EPSS
Exploits 0 | References 6