Lucene search
K

215 matches found

RedhatCVE
RedhatCVE
added 2026/04/29 9:0 a.m.9 views

CVE-2026-41677

A flaw was found in rust-openssl, a library that provides OpenSSL functionalities for Rust applications. The library's password callback functions did not correctly check the size of data provided by a user's callback. This oversight could allow a specially crafted password callback to read beyon...

9.1CVSS4.8AI score0.00294EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.l...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that...

9.8CVSS5.9AI score0.00294EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41681

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the ou...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-41677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length...

9.1CVSS5.9AI score0.00294EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41898

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind...

9.8CVSS6AI score0.00412EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/25 12:14 p.m.8 views

CVE-2026-41681

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. The EVPDigestFinal function, used for cryptographic hashing, can write past the end of its intended output buffer if the buffer is too small. This out-of-bounds write can corrupt the program'...

9.8CVSS5.5AI score0.00373EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/25 12:14 p.m.5 views

CVE-2026-41676

A flaw was found in rust-openssl, a library that provides cryptographic functionalities by binding to OpenSSL. When interacting with OpenSSL 1.1.x, the Deriver::derive function does not correctly manage buffer sizes during key derivation operations. This oversight can lead to a memory overflow,...

9.8CVSS5.2AI score0.00298EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/25 11:54 a.m.13 views

CVE-2026-41678

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. A remote attacker could exploit an incorrect assertion in the aes::unwrapkey function. This flaw causes the function to incorrectly validate buffer sizes, allowing a smaller output buffer tha...

9.8CVSS6AI score0.00294EPSS
Exploits0References2
NVD
NVD
added 2026/04/24 6:16 p.m.10 views

CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.8CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.5 views

CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS0.00298EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.6 views

CVE-2026-41677

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the frompemcallback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can cause some versions of...

9.1CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.12 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS0.00412EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 6:16 p.m.4 views

UBUNTU-CVE-2026-41678

rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrapkey contains an incorrect assertion: it checks that out.len + 8 = in.len - 8, ensuring the output buffer is large enough. Because of the inverted check, the function only accepts buffers a...

9.8CVSS5.9AI score0.00294EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 6:16 p.m.4 views

UBUNTU-CVE-2026-41681

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVPDigestFinal always writes EVPMDCTXsizectx to the out buffer. If out is smaller than that, MdCtxRef::digestfinal writes past its end, usually corrupting the stack. This is reachable from sa...

9.8CVSS5.8AI score0.00373EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/24 6:16 p.m.7 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS5.8AI score0.00412EPSS
Exploits0References4
OSV
OSV
added 2026/04/24 6:16 p.m.4 views

UBUNTU-CVE-2026-41676

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive and PkeyCtxRef::derive sets len = buf.len and passes it as the in/out length to EVPPKEYderive, relying on OpenSSL to honor it. On OpenSSL 1.1.x, X25519, X448, DH and HKDF-extra...

9.8CVSS5.9AI score0.00298EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/24 5:20 p.m.4 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

9.8CVSS5.5AI score0.00412EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 5:20 p.m.21 views

EUVD-2026-25587

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

8.3CVSS5.6AI score0.00412EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:20 p.m.6 views

CVE-2026-41898

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::setpskclientcallback, setpskservercallback, setcookiegeneratecb, and setstatelesscookiegeneratecb forwarded the user closure's returned usize...

8.3CVSS5.6AI score0.00412EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder