Lucene search
K

113 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.4 views

EUVD-2026-39575

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS5.8AI score0.00143EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:17 p.m.5 views

DEBIAN-CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 9:12 p.m.5 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0
CVE
CVE
added 2026/06/25 9:12 p.m.20 views

CVE-2026-55962

CVE-2026-55962 (WolfSSL) : TLS 1.3 post-handshake authentication could allow a server to accept a client’s Finished message without a Certificate and CertificateVerify if a post-handshake CertificateRequest was outstanding. The fix scopes the check to the initial handshake: after certReqCtx is se...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:5 a.m.9 views

NULL Pointer Dereference in CRMF EncryptedValue Decryption

...

5.9CVSS5.8AI score0.00349EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.8 views

openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 1:34 p.m.10 views

CVE-2026-42767

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.16 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 5:17 p.m.8 views

ALPINE-CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS0.00349EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.42 views

CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

5.9CVSS5.6AI score0.00349EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.34 views

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

0.00349EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.8 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

7.5CVSS5.5AI score0.00513EPSS
Exploits0References115
OSV
OSV
added 2026/06/09 12:0 a.m.5 views

UBUNTU-CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/09 9:30 a.m.2 views

EUVD-2025-208373

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/09 8:17 a.m.1 views

CVE-2025-41763

A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files...

6.5CVSS5.8AI score0.00241EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/03/02 12:0 a.m.3 views

Comparison of Credential Management Systems Based on the Standards of IEEE, ETSI, and YD/T 3957-2021

As V2X Vehicle-to-Everything technology becomes increasingly prevalent, the security of V2X networks has garnered growing attention worldwide. In North America, the IEEE 1609 series standards are primarily used, while Europe adopts the ETSI series standards, and China has also established its...

5.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/02/06 6:52 p.m.9 views

Metasploit Wrap-Up 02/06/2026

Google Summer of Code 2026 Our very own Jack Heysel has added some documentation which outlines the Metasploit Framework project ideas for GSoC 2026. For anyone interested in applying please see GSoC-How-To-Apply documentation, or reach out on slack to any of the following GSoC mentors on Slack v...

5.7AI score
Exploits0
Rows per page
Query Builder