|
3091
|
9.8 |
CRITICAL
Network
|
rust-openssl_project
|
rust-openssl
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac…
|
CWE-126
CWE-130
Buffer Over-read
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-41898
|
2026-04-29 02:45 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3092
|
9.8 |
CRITICAL
Network
|
rust-openssl_project
|
rust-openssl
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-41681
|
2026-04-29 02:44 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3093
|
9.8 |
CRITICAL
Network
|
rust-openssl_project
|
rust-openssl
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-41678
|
2026-04-29 02:41 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3094
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
When querying a nexthop object via RTM_GETNEXTHOP, the kernel curren…
|
NVD-CWE-noinfo
|
CVE-2026-31531
|
2026-04-29 02:38 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3095
|
9.1 |
CRITICAL
Network
|
rust-openssl_project
|
rust-openssl
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa…
|
CWE-125
CWE-1284
Out-of-bounds Read
Improper Validation of Specified Quantity in Input
|
CVE-2026-41677
|
2026-04-29 02:34 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3096
|
9.8 |
CRITICAL
Network
|
rust-openssl_project
|
rust-openssl
|
rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len…
|
CWE-131
CWE-787
Incorrect Calculation of Buffer Size
Out-of-bounds Write
|
CVE-2026-41676
|
2026-04-29 02:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3097
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: renesas_usb3: validate endpoint index in standard request handlers
The GET_STATUS and SET/CLEAR_FEATURE handlers ext…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31615
|
2026-04-29 02:29 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3098
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()
The block_len read from the host-supplied NTB header is checke…
|
NVD-CWE-noinfo
|
CVE-2026-31617
|
2026-04-29 02:27 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3099
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
esp: fix skb leak with espintcp and async crypto
When the TX queue for espintcp is full, esp_output_tail_tcp will
return an error…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31518
|
2026-04-29 02:25 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3100
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()
A broken/bored/mean USB host can overflow the skb_shared_info…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31616
|
2026-04-29 02:21 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
