113 matches found
OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption
This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...
EUVD-2017-17963
Malware in sbrugna...
EUVD-2019-0682
Malware in sbrugna...
EUVD-2017-1555
Malware in sbrugna...
EUVD-2019-16298
Malware in sbrugna...
EUVD-2017-9441
Malware in sbrugna...
EUVD-2005-1732
Malware in sbrugna...
EUVD-2009-2181
Malware in sbrugna...
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto aka BC Java 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64...
CVE-2017-1000416
axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year 1950 of UTCTime being misinterpreted as 2050...
Linux Distros Unpatched Vulnerability : CVE-2017-9023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of...
AlmaLinux 8 : mysql:8.0 (ALSA-2025:1673)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:1673 advisory. openssl: SSL_select_next_proto buffer overread (CVE-2024-5535); krb5: GSS message token handling (CVE-2024-37371); curl: libcurl: ASN.1 date parser overread...
Azure Linux 3.0 Security Update: mysql (CVE-2024-7264)
The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-7264 advisory. - libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If...
CVE-2024-7264 ASN.1 date parser overread
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CURL-CVE-2024-7264 ASN.1 date parser overread
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
CVE-2024-6197 freeing stack buffer in utf8asn1str
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...
CVE-2024-6197
libcurl's ASN1 parser has this utf8asn1str function used for parsing an ASN.1 UTF-8 string. It can detect an invalid field and return error. Unfortunately, when doing so it also invokes free on a 4 byte local stack buffer. Most modern malloc implementations detect this error and immediately abort...
Mozilla Firefox Security Advisory (MFSA2022-24) - Mac OS X
Mozilla Firefox is prone to multiple vulnerabilities...
CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers
Posted by Ian Beer, Google Project Zero. This blog post is my analysis of a vulnerability exploited in the wild and patched in early 2021. Like the writeup published last week looking at an ASN.1 parser bug, this blog post is based on the notes I took as I was analyzing the patch and trying to...
OPENSUSE-SU-2021:3301-1 Security update for libcryptopp
This update for libcryptopp fixes the following issues: - CVE-2016-9939: Fixed potential DoS in Crypto++ (libcryptopp) ASN.1 parser (bsc#1015243)...