Lucene search
K

672 matches found

OSV
OSV
added last week6 views

BIT-PHP-MIN-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
OSV
OSV
added last week7 views

BIT-PHP-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
OSV
OSV
added last week7 views

BIT-LIBPHP-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.8 views

PHP 8.4.x < 8.4.23

The version of PHP installed on the remote host is prior to 8.4.23. It is, therefore, affected by a vulnerability as referenced in the Version 8.4.23 advisory. - In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementatio...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/07/07 2:31 a.m.7 views

SUSE CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.10 views

Debian dla-4669 : libapache2-mod-php8.2 - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dla-4669 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References4
Slackware Linux
Slackware Linux
added 2026/07/05 10:52 p.m.9 views

[slackware-security] Slackware 15.0 php82

New php82 packages are available for Slackware 15.0 to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: extra/php82/php82-8.2.32-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: OpenSSL: Fixed memory corruption zendmmheap corrupted in opensslencrypt...

5.6CVSS6AI score0.00306EPSS
Exploits0
Debian
Debian
added 2026/07/04 2:23 p.m.7 views

[SECURITY] [DLA 4669-1] php8.2 security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4669-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta July 04, 2026 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
Debian
Debian
added 2026/07/04 12:44 p.m.7 views

[SECURITY] [DSA 6377-1] php8.4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq -...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 9:16 p.m.4 views

UBUNTU-CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/07/03 8:57 p.m.25 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/03 8:57 p.m.84 views

CVE-2026-14355 ext/openssl: Memory corruption in openssl_encrypt with AES-WRAP-PAD

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS0.00306EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:57 p.m.7 views

CVE-2026-14355

In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the plaintext length without...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-14355

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 8.2. before 8.2.32, 8.3. before 8.3.32, 8.4. before 8.4.23, 8.5. before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension...

5.6CVSS6.2AI score0.00306EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.15 views

PT-2026-55488

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.31 PHP versions 8.3.0 through 8.3.31 PHP versions 8.4.0 through 8.4.22 PHP versions 8.5.0 through 8.5.7 Description The OpenSSL extension contains a buffer allocation flaw in the AES-WRAP-PAD algorithm...

5.6CVSS6.1AI score0.00306EPSS
Exploits0References21
ATTACKERKB
ATTACKERKB
added 2026/07/01 1:47 p.m.5 views

CVE-2026-6685

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...

6.1CVSS5.8AI score0.00205EPSS
Exploits2References5
CVE
CVE
added 2026/07/01 1:47 p.m.39 views

CVE-2026-6685

FatFs CVE-2026-6685 affects FatFs R0.16 and earlier, where a stale dirty-cache skip can occur due to an unsigned-subtraction wrap in f_read() and f_write() during interleaved reads/writes on fragmented filesystems (fp-&gt;sect - sect &lt; cc). The root cause is an integer underflow (CWE-191) in t...

6.1CVSS5.8AI score0.00205EPSS
Exploits2References4Affected Software1
EUVD
EUVD
added 2026/07/01 1:47 p.m.7 views

EUVD-2026-40996

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...

6.1CVSS5.8AI score0.00205EPSS
Exploits2References4
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.7 views

SUSE CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.00137EPSS
Exploits0References3
Rows per page
Query Builder