Lucene search
K

57 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 12:13 p.m.3 views

CVE-2026-28390

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2026/04/08 11:57 a.m.8 views

USN-8155-1: OpenSSL vulnerabilities

Viktor Dukhovni discovered that OpenSSL incorrectly negotiated the expected preferred key exchange group when used as a TLS 1.3 server. This could result in a less preferred key exchange being used, contrary to expectations. This issue only affected Ubuntu 25.10. CVE-2026-2673 Igor Morgenstern...

9.8CVSS6.2AI score0.00981EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/07 11:27 p.m.7 views

SUSE CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

5.3CVSS5.9AI score0.00805EPSS
Exploits0References21
OSV
OSV
added 2026/04/07 10:16 p.m.5 views

ALPINE-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 10:16 p.m.5 views

CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS0.00805EPSS
Exploits0References8
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.5 views

OpenSSL Security Advisory 20260407

OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...

7.5CVSS6.1AI score0.00981EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.3 views

PT-2026-31039

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a specially crafted CMS EnvelopedData message with KeyTransportRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data ...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References146
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-31038

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data to crash befor...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References127
OSV
OSV
added 2026/03/19 10:16 p.m.5 views

DEBIAN-CVE-2026-4159

1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

3.3CVSS5.3AI score0.00095EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/09 9:3 p.m.18 views

Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to OpenSSL

Summary Vulnerabilities in OpenSSL could allow an attacker to potentially execute arbitrary code CVE-2025-15467 or cause a denial of service CVE-2025-68160, CVE-2025-69418, CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796. OpenSSL is used by AIX as part of AIX's secu...

9.8CVSS6.6AI score0.47621EPSS
Exploits7Affected Software2
UbuntuCve
UbuntuCve
added 2026/01/27 7:16 p.m.3 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

9.8CVSS6.4AI score0.01745EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/01/27 6:36 p.m.6 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

9.8CVSS6.7AI score0.01745EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:36 p.m.3 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

8.1CVSS6.5AI score0.01745EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/27 4:16 p.m.4 views

AZL-75791 CVE-2025-15467 affecting package openssl for versions less than 3.3.5-3

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

9.8CVSS7.7AI score0.47621EPSS
Exploits7References1
OSV
OSV
added 2026/01/27 4:16 p.m.4 views

AZL-75908 CVE-2025-15467 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

9.8CVSS7.7AI score0.47621EPSS
Exploits7References1
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.8 views

PT-2026-5009

Name of the Vulnerable Software and Affected Versions GnuPG versions prior to 2.5.17 Description A specially crafted CMS S/MIME EnvelopedData message with an oversized wrapped session key can lead to a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can result in...

9.8CVSS6.6AI score0.01745EPSS
Exploits1References18
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData messages with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

9.8CVSS7.9AI score0.47621EPSS
Exploits7References3
Rows per page
Query Builder