Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1746)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1746 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE CVE-2026-23401 In the Linux kernel, the followi...

9.8CVSS6.4AI score0.00563EPSS
Exploits4References256
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.14 views

Amazon Linux 2023 : bpftool6.12, kernel6.12, kernel6.12-devel (ALAS2023-2026-1646)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1646 advisory. In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been...

9.8CVSS5.9AI score0.00433EPSS
Exploits2References122
SUSE CVE
SUSE CVE
added 2026/04/02 11:28 p.m.6 views

SUSE CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tlsdecryptasyncwait returns, every AEAD operation has completed and the engin...

4.7CVSS5.6AI score0.00238EPSS
Exploits0References15
Debian CVE
Debian CVE
added 2026/04/02 11:40 a.m.4 views

CVE-2026-23414

In the Linux kernel, the following vulnerability has been resolved: tls: Purge asynchold in tlsdecryptasyncwait The asynchold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tlsdecryptasyncwait returns, every AEAD operation has completed and the engin...

7.5CVSS5.1AI score0.00238EPSS
Exploits0
CVE
CVE
added 2026/04/02 11:40 a.m.19 views

CVE-2026-23414

CVE-2026-23414 is addressed in the Linux kernel TLS code. The vulnerability involved the async_hold queue that pins encrypted input skbs while AEAD operations reference scatterlist data. The fix centralizes purge of async_hold in tls_decrypt_async_wait(), ensuring all callers (recvmsg drain path,...

7.5CVSS5.6AI score0.00238EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/01/17 9:7 a.m.14 views

RLSA-2026:0453 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: multitouch: fix slab out-of-bounds access in mtreportfixup CVE-2025-39806 kernel: audit: fix out-of-bounds read in auditcomparednamepath CVE-2025-39840 kernel: mm: slub: avoid wake u...

7.8CVSS6.4AI score0.00319EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/01/14 12:36 a.m.16 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS6.6AI score0.00194EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/01/13 9:50 a.m.18 views

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

5.8AI score0.00183EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/12 9:30 a.m.2 views

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

5.8AI score0.00183EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/12/09 12:0 a.m.12 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2025-1297)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1297 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption CVE-2025-40019 In the Linux kernel, the following...

5.5CVSS6.2AI score0.00338EPSS
Exploits2References62
SUSE CVE
SUSE CVE
added 2024/02/23 3:20 a.m.5 views

SUSE CVE-2024-26582

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tlsdecryptsg doesn't take a reference on the pages from clearskb, so the putpage in tlsdecryptdone releases them, and we trigger a use-after-free in processrxlist...

7.8CVSS6.2AI score0.00254EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.10 views

The vulnerability of the tls_decrypt_ticket function in the OpenSSL library exists due to insufficient validation of input data, allowing attackers to trigger a service failure.

The vulnerability of the tlsdecryptticket function in the OpenSSL library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8CVSS7.1AI score0.26441EPSS
Exploits1References27Affected Software5
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.19 views

Cisco Adaptive Security Appliance Software Software-Based SSL/TLS DoS (cisco-sa-ftd-tls-decrypt-dos-BMxYjm8M)

According to its self-reported version, Cisco ASA Software is affected by a denial of service DoS vulnerability in the software-based SSL/TLS message handler due to insufficient validation of SSL/TLS messages upon decryption. An unauthenticated, remote attacker can exploit this, by sending a...

8.6CVSS7.3AI score0.0155EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability of the OpenSSL software allows a malicious attacker to compromise the accessibility of protected information.

A memory leak in the tlsdecryptticket function in t1lib.c of OpenSSL allows malicious actors operating remotely to trigger a service failure excessive memory consumption by using a specially crafted session credential, which causes a verification error for integrity checking...

5CVSS6.5AI score0.23598EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2014/10/19 1:55 a.m.1 views

DEBIAN-CVE-2014-3567

Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...

7.1CVSS8.8AI score0.23598EPSS
Exploits0References1
Rows per page
Query Builder