Lucene search
K

115 matches found

OSV
OSV
added 2026/03/27 2:3 p.m.8 views

OESA-2026-1730 pyOpenSSL security update

pyOpenSSL is a rather thin wrapper around a subset of the OpenSSL library. With thin wrapper we mean that a lot of the object methods do nothing more than calling a corresponding function in the OpenSSL library. Security Fixes: A security vulnerability exists in the PyOpenSSL library's...

9.8CVSS5.9AI score0.00704EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.23 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : pyOpenSSL vulnerabilities (USN-8115-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8115-1 advisory. It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections...

9.8CVSS6.2AI score0.00704EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/19 12:26 a.m.6 views

SUSE CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

3.7CVSS5.8AI score0.00241EPSS
Exploits0References17
NVD
NVD
added 2026/03/18 12:16 a.m.7 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS0.00241EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 12:0 a.m.3 views

UBUNTU-CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/17 11:24 p.m.39 views

CVE-2026-27448 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS0.00241EPSS
Exploits0References3
CVE
CVE
added 2026/03/17 11:24 p.m.186 views

CVE-2026-27448

CVE-2026-27448 is a pyOpenSSL vulnerability (SNI/TLSEXT callback) where an unhandled exception in set_tlsext_servername_callback could cause a connection to be accepted. IBM security notes reiterate that this flaw exists in pyOpenSSL versions prior to 26.0.0 and that starting with 26.0.0 unhandle...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/17 11:24 p.m.5 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.3AI score0.00241EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/17 11:24 p.m.5 views

CVE-2026-27448

pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for...

6.3CVSS5.3AI score0.00241EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

pyOpenSSL 安全漏洞

pyOpenSSL is an open-source Python library that encapsulates OpenSSL from the Python Cryptographic Authority project. Versions of pyOpenSSL from 0.14.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from unhandled exceptions in the settlsextservername Callback functio...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/16 3:15 p.m.4 views

Not Failing Securely ('Failing Open')

Overview Affected versions of this package are vulnerable to Not Failing Securely 'Failing Open' via the settlsextservernamecallback function. An attacker can bypass security-sensitive checks by causing an unhandled exception in the callback, which results in the connection being accepted. If a...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 3:15 p.m.5 views

GHSA-VP96-HXJ8-P424 pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/16 3:15 p.m.15 views

pyOpenSSL allows TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback

If a user provided callback to settlsextservernamecallback raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Unhandled exceptions now result in rejecting the...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25778

Name of the Vulnerable Software and Affected Versions pyOpenSSL versions 0.14.0 through 25.9.9 Description pyOpenSSL is a Python wrapper around the OpenSSL library. If a user-provided callback to the set tlsext servername callback function raised an unhandled exception, a connection would be...

6.3CVSS5.8AI score0.00241EPSS
Exploits0References211
NVD
NVD
added 2026/02/18 10:16 p.m.7 views

CVE-2019-25349

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...

7.5CVSS0.00239EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/18 9:54 p.m.4 views

CVE-2019-25349 scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20524

ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices...

7.5CVSS5.8AI score0.00239EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/15 12:23 a.m.11 views

CVE-2025-71021

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub65A28 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS7.6AI score0.00385EPSS
Exploits1References1
NVD
NVD
added 2026/01/14 6:16 p.m.5 views

CVE-2025-71021

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub65A28 function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS0.00385EPSS
Exploits1References1
CVE
CVE
added 2026/01/14 12:0 a.m.13 views

CVE-2025-71021

The CVE-2025-71021 entry concerns Tenda AX-1806 router firmware 1.0.0.1, where a stack overflow in the serverName parameter of the sub_65A28 function can be triggered to cause a Denial of Service (DoS). Affected component is the serverName handling in sub_65A28, with vulnerability details consist...

7.5CVSS7.2AI score0.00385EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder