Lucene search
K

114 matches found

Ubuntu
Ubuntu
added 2026/04/09 5:35 p.m.13 views

USN-8155-2: OpenSSL vulnerabilities

USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS. CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS, and CVE-2026-28389 and...

8.1CVSS6AI score0.00885EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.8 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US company wolfSSL, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from the PKCS7 implementation in the wcPKCS7DecryptOri function. This...

8CVSS6AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.5 views

PT-2026-31822

Name of the Vulnerable Software and Affected Versions wolfSSL versions affected versions not specified Description A stack buffer overflow exists in wolfSSL's PKCS7 implementation within the wc PKCS7 DecryptOri function located in wolfcrypt/src/pkcs7.c. The issue occurs when processing a CMS...

5.9CVSS6.1AI score0.00175EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/08 12:30 a.m.7 views

EUVD-2026-19966

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

5.9AI score0.00805EPSS
Exploits0References7
Snyk
Snyk
added 2026/04/07 11:9 p.m.5 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...

8.2CVSS5.8AI score0.00805EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 10:16 p.m.7 views

ALPINE-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 10:16 p.m.7 views

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS0.00805EPSS
Exploits0References8
OSV
OSV
added 2026/04/07 10:16 p.m.4 views

DEBIAN-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.3AI score0.00805EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 10:0 p.m.26 views

CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

0.00805EPSS
Exploits0References6
CVE
CVE
added 2026/04/07 10:0 p.m.187 views

CVE-2026-28390

OpenSSL CVE-2026-28390 describes a NULL pointer dereference when processing CMS EnvelopedData with KeyTransportRecipientInfo using RSA-OAEP, triggered by missing optional RSA-OAEP parameters. The issue allows a crash/Denial of Service when untrusted CMS data is decrypted via CMS_decrypt(). Affect...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References8Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.12 views

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.9AI score0.00805EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/07 10:0 p.m.27 views

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

0.00805EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/07 10:0 p.m.3 views

CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

5.9AI score0.00805EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.8 views

CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS6AI score0.00805EPSS
Exploits0
OSV
OSV
added 2026/04/07 12:0 a.m.2 views

UBUNTU-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References7
Anthropic
Anthropic
added 2026/03/29 8:42 p.m.14 views

ANT-2026-P23DVQM2 · wolfSSL · crypto-failure

crypto-failure high CVE-2026-5500 Severity Claude high · Security research firm high · Maintainer - Discovered by Claude Mythos Preview SECURITY RESEARCH FIRM ANALYSIS Triage and disclosure were performed by Calif. Verdict: true positive Severity: high TIMELINE Dates from discovery through public...

8.7CVSS5.8AI score0.00355EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:15 p.m.4 views

CVE-2026-4159

1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

2.1CVSS5.8AI score0.00095EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 12:31 a.m.8 views

EUVD-2026-13233

1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

2.1CVSS5.8AI score0.00095EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-4159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte...

3.3CVSS5.8AI score0.00095EPSS
Exploits0References3
Rows per page
Query Builder