29 matches found

OSV
added 2026/06/16 6:53 a.m. | 4 views

SUSE-SU-2026:2404-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7_verify (bsc#1266357). - CVE-2026-42766: Possible NULL Dereference in Password-Based CMS Decryption (bsc#1266349). - CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption (bsc#1266341)....

CVSS 8.8 | AI score 5.2 | EPSS 0.02719
Exploits: 0 | References: 11

RedhatCVE
added 2026/04/25 12:14 p.m. | 5 views

CVE-2026-41676

A flaw was found in rust-openssl, a library that provides cryptographic functionalities by binding to OpenSSL. When interacting with OpenSSL 1.1.x, the Deriver::derive function does not correctly manage buffer sizes during key derivation operations. This oversight can lead to a memory overflow,...

CVSS 9.8 | AI score 5.2 | EPSS 0.00298
Exploits: 0 | References: 2

NVD
added 2026/04/24 6:16 p.m. | 5 views

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive set len = buf.len() and pass it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

CVSS 9.8 | EPSS 0.00298
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/24 5:16 p.m. | 4 views

CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive set len = buf.len() and pass it as the in/out length to EVP_PKEY_derive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

CVSS 9.2 | AI score 5.4 | EPSS 0.00298
Exploits: 0 | References: 1

CNNVD
added 2026/04/24 12:00 a.m. | 11 views

rust-openssl security vulnerability

rust-openssl is an open-source library designed for interacting with the OpenSSL library. There were security vulnerabilities in the version of rust-openssl from 0.9.27 to 0.10.78. These vulnerabilities stemmed from the use of Deriver::derive, where len = buf.len() was set as the input/output lengt...

CVSS 9.8 | AI score 5.8 | EPSS 0.00298
Exploits: 0 | References: 2

SUSE Linux
added 2026/04/23 3:53 p.m. | 3 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

CVSS 8.2 | AI score 6.1 | EPSS 0.00885
Exploits: 0 | References: 20

OSV
added 2026/04/23 7:06 a.m. | 5 views

SUSE-SU-2026:1562-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)...

CVSS 7.5 | AI score 5.3 | EPSS 0.00805
Exploits: 0 | References: 3

OSV
added 2026/04/16 9:17 a.m. | 9 views

SUSE-SU-2026:1386-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInf...

CVSS 9.8 | AI score 6.1 | EPSS 0.00885
Exploits: 0 | References: 11

SUSE Linux
added 2026/04/16 9:17 a.m. | 5 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

CVSS 8.2 | AI score 6.1 | EPSS 0.00885
Exploits: 0 | References: 20

SUSE Linux
added 2026/04/13 8:08 a.m. | 5 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

CVSS 7.3 | AI score 6.2 | EPSS 0.00885
Exploits: 0 | References: 16

OSV
added 2026/04/13 8:08 a.m. | 4 views

SUSE-SU-2026:1290-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). - CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). - CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInf...

CVSS 9.8 | AI score 6.1 | EPSS 0.00885
Exploits: 0 | References: 9

SUSE Linux
added 2026/04/10 3:06 p.m. | 4 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441). CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442). CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo...

CVSS 7.3 | AI score 6.1 | EPSS 0.00981
Exploits: 0 | References: 20

SUSE Linux
added 2025/10/07 7:48 a.m. | 4 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap (bsc#1250232). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or...

CVSS 7.7 | AI score 6.8 | EPSS 0.01744
Exploits: 0 | References: 4

SUSE Linux
added 2025/02/10 7:33 a.m. | 1 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you...

CVSS 8.2 | AI score 7.3 | EPSS 0.00601
Exploits: 0 | References: 4

SUSE Linux
added 2025/02/04 1:33 p.m. | 1 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you...

CVSS 8.2 | AI score 7.3 | EPSS 0.00601
Exploits: 0 | References: 6

SUSE Linux
added 2024/10/29 1:34 a.m. | 1 views

Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed f...

CVSS 5.9 | AI score 6.6 | EPSS 0.01118
Exploits: 0 | References: 4

OSV
added 2023/08/08 4:18 p.m. | 7 views

SUSE-SU-2023:3239-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)...

CVSS 5.3 | AI score 5.7 | EPSS 0.02577
Exploits: 0 | References: 3

OSV
added 2023/06/01 9:34 a.m. | 8 views

SUSE-SU-2023:2342-1 Security update for openssl-1_1

This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430)...

CVSS 6.5 | AI score 6.7 | EPSS 0.73461
Exploits: 0 | References: 3

OSV
added 2021/12/23 12:15 p.m. | 1 views

DEBIAN-CVE-2021-44273

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...

CVSS 7.4 | AI score 7.3 | EPSS 0.00962
Exploits: 1 | References: 1

OSV
added 2021/12/23 12:15 p.m. | 1 views

UBUNTU-CVE-2021-44273

e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...

CVSS 7.4 | AI score 5.8 | EPSS 0.00962
Exploits: 1 | References: 6