Lucene search
K

12 matches found

Amazon
Amazon
added 2026/02/19 12:0 a.m.10 views

Important: edk2

Issue Overview: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. CVE-2025-68160 When using the low-level OCB API directly with AES-NI or other hardware-accelerated code paths,...

7.5CVSS5.7AI score0.00844EPSS
Exploits1
SUSE Linux
SUSE Linux
added 2026/01/30 9:1 a.m.6 views

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. CVE-2025-69420: Missing ASN1TYPE validation in TSRESPverifyresponse function bsc1256837. CVE-2025-69421: NULL Pointer Dereference in PKCS12itemdecryptd2iex function...

6.9CVSS5.9AI score0.00844EPSS
Exploits1References28
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.6 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:0310-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0310-1 advisory. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap out-of-bounds write in...

9.8CVSS7.2AI score0.47621EPSS
Exploits7References25
SUSE Linux
SUSE Linux
added 2026/01/28 9:37 a.m.5 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. CVE-2025-68160: Heap out-of-bounds write in BIOflinebuffer on short writes bsc1256834. CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level...

9.8CVSS6AI score0.47621EPSS
Exploits7References32
AlmaLinux
AlmaLinux
added 2026/01/28 12:0 a.m.20 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS12 file CVE-2025-11187...

9.8CVSS6.2AI score0.47621EPSS
Exploits7References26
OSV
OSV
added 2026/01/27 4:16 p.m.5 views

AZL-76122 CVE-2025-69420 affecting package edk2 for versions less than 20230301gitf80f052277c8-47

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.8AI score0.00768EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.5 views

AZL-76167 CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-18

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.8AI score0.00768EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.6 views

ALPINE-CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.9AI score0.00768EPSS
Exploits1References1
OSV
OSV
added 2026/01/27 4:16 p.m.6 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.9AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:1 p.m.3 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

5.9AI score0.00768EPSS
Exploits1References7Affected Software1
AlpineLinux
AlpineLinux
added 2026/01/27 4:1 p.m.4 views

CVE-2025-69420

Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...

7.5CVSS5.9AI score0.00768EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: There is a type confusion vulnerability in the TimeStamp Response verification code. This vulnerability occurs when accessing a member of the ASN1TYPE union without first validating the type, resulting in an invalid or NULL pointer dereference during processing of a malformed...

7.5CVSS7.3AI score0.00768EPSS
Exploits1References3
Rows per page
Query Builder