CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

SUSE CVE•added 2026/06/13 2:21 a.m.•8 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS

Exploits0References8

RedHat Linux•added 2026/06/11 1:9 p.m.•5 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS

Exploits0References4

EUVD•added 2026/06/09 6:30 p.m.•10 views

EUVD-2026-35478

5.4AI score0.00237EPSS

Exploits0References7

AlpineLinux•added 2026/06/09 4:3 p.m.•17 views

CVE-2026-34182

9.1CVSS5.4AI score0.00237EPSS

Exploits0

OSV•added 2026/06/09 12:0 a.m.•5 views

UBUNTU-CVE-2026-34182

9.1CVSS5.4AI score0.00237EPSS

Exploits0References5

RedhatCVE•added 2026/06/05 7:19 p.m.•8 views

CVE-2026-5500

wolfSSL's wcPKCS7DecodeAuthEnvelopedData does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸...

8.7CVSS5.4AI score0.00355EPSS

Exploits0References1

OSV•added 2026/04/27 6:33 p.m.•8 views

JLSEC-2026-256 Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can...

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

8.8CVSS7.7AI score0.48666EPSS

Exploits7References11

Snyk•added 2026/04/10 5:6 a.m.•1 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation due to improper validation of the AES-GCM authentication tag length in the wcPKCS7DecodeAuthEnvelopedData function. An attacker can bypass authentication by truncating the authentication tag, significantly...

8.7CVSS5.8AI score0.00355EPSS

Exploits0References2

OSV•added 2026/02/06 3:57 p.m.•4 views

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

8.8CVSS6.4AI score0.48666EPSS

Exploits7References2

SUSE CVE•added 2026/01/30 12:43 a.m.•3 views

SUSE CVE-2025-15467

9.8CVSS7.5AI score0.48666EPSS

Exploits7References21

RedHat Linux•added 2026/01/29 5:22 p.m.•1 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.48666EPSS

Exploits7References4

Snyk•added 2026/01/27 4:49 p.m.•6 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing a CMS AuthEnvelopedData message. An attacker can trigger a crash by supplying AEAD ciphers such as AES-GCM with malicious initialization vectors. These are encoded in the ASN.1 parameters and...

9.8CVSS5.8AI score0.48666EPSS

Exploits7References2