115 matches found
OESA-2026-1730 pyOpenSSL security update
pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : pyOpenSSL vulnerabilities (USN-8115-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8115-1 advisory. It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections...
SUSE CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
UBUNTU-CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
CVE-2026-27448
CVE-2026-27448 is a pyOpenSSL vulnerability (SNI/TLSEXT callback) where an unhandled exception in set_tlsext_servername_callback could cause a connection to be accepted. IBM security notes reiterate that this flaw exists in pyOpenSSL versions prior to 26.0.0 and that starting with 26.0.0 unhandle...
CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
CVE-2026-27448
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...
pyOpenSSL 安全漏洞
pyOpenSSL is an open-source Python library that encapsulates OpenSSL from the Python Cryptographic Authority project. Versions of pyOpenSSL from 0.14.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from unhandled exceptions in the settlsextservername Callback functio...
Not Failing Securely ('Failing Open')
Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the settlsextservernamecallback function. An attacker can bypass security-sensitive checks by causing an unhandled exception in the callback, which results in the connection being accepted. If a...
GHSA-VP96-HXJ8-P424 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...
pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback
If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...
PT-2026-25778
Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 0.14.0 through 25.9.9 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set tlsext servername callback function raised an unhandled exception, a connection would be...
CVE-2019-25349
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...
CVE-2019-25349 scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...
PT-2026-20524
ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...
CVE-2025-71021
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub65A28 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-71021
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub65A28 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...
CVE-2025-71021
The CVE-2025-71021 entry concerns Tenda AX-1806 router firmware 1.0.0.1, where a stack overflow in the serverName parameter of the sub_65A28 function can be triggered to cause a Denial of Service (DoS). Affected component is the serverName handling in sub_65A28, with vulnerability details consist...