Lucene search
+L

11 matches found

Snyk
Snyk
added 2026/03/19 10:45 p.m.5 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the wceccimportx963ex function when handling EC public key points in the KCAPI ECC code path. An attacker can cause memory corruption and potentially execute arbitrary code by sending a crafted oversized EC...

9.8CVSS6.2AI score0.00344EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/19 9:17 p.m.4 views

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...

9.8CVSS6.1AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/19 8:41 p.m.22 views

CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path

Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...

2.3CVSS0.00344EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/19 8:41 p.m.4 views

CVE-2026-4395

Heap-based buffer overflow in the KCAPI ECC code path of wceccimportx963ex in wolfSSL wolfcrypt allows a remote attacker to write attacker-controlled data past the bounds of the pubkeyraw buffer via a crafted oversized EC public key point. The WOLFSSLKCAPIECC code path copies the input to...

9.8CVSS5.8AI score0.00344EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.11 views

OpenSSL 3.6.0 < 3.6.2 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.6.2. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.6.2 advisory. - Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group...

9.8CVSS7.5AI score0.01059EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : gnutls-3.7.6-18.el9 (AXSA:2023-5214:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5214:01 advisory. gnutls: timing side-channel in the TLS RSA key exchange code CVE-2023-0361 Tenable has extracted the preceding description block directly from the MiracleLin...

7.4CVSS8.5AI score0.01403EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2016-7021

Malware in sbrugna...

9.8CVSS9.2AI score0.01943EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.101 views

RHCOS 4 : OpenShift Container Platform 4.15.0 (RHSA-2023:7201)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7201 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - golang:...

7.5CVSS7.2AI score0.99999EPSS
Exploits23References16
Tenable Nessus
Tenable Nessus
added 2024/02/09 12:0 a.m.74 views

AlmaLinux 8 : container-tools:4.0 (ALSA-2024:0748)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0748 advisory. runc: file descriptor leak Leaky Vessels CVE-2024-21626 A AlmaLinux Security Bulletin which addresses further details about the Leaky Vessels flaw is...

8.6CVSS7.4AI score0.18087EPSS
Exploits18References4
Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.13 views

PT-2023-29487

Name of the Vulnerable Software and Affected Versions Go versions prior to 1.20 Description The issue concerns the RSA-based TLS key exchanges in Go, which used the math/big library that is not constant time. Although RSA blinding was applied to prevent timing attacks, analysis suggests this may...

8.6CVSS7AI score0.18087EPSS
Exploits18References51
NVD
NVD
added 2017/06/07 5:29 p.m.14 views

CVE-2016-6087

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918...

9.8CVSS9AI score0.01943EPSS
Exploits0References4
Rows per page
Query Builder