Lucene search
+L

67 matches found

ibm
ibm
added 2026/04/29 11:4 a.m.10 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2025-15467 DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS8.2AI score0.47621EPSS
Exploits9Affected Software1
osv
osv
added 2026/04/27 6:33 p.m.19 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.7AI score0.00444EPSS
Exploits1References8
osv
osv
added 2026/03/27 2:4 p.m.7 views

OESA-2026-1748 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

7.5CVSS7.1AI score0.00844EPSS
Exploits1References7
osv
osv
added 2026/03/20 2:24 p.m.4 views

OESA-2026-1664 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

7.4CVSS6AI score0.00444EPSS
Exploits1References2
osv
osv
added 2026/03/20 2:24 p.m.3 views

OESA-2026-1661 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

7.4CVSS6.9AI score0.00444EPSS
Exploits1References2
nessus
nessus
added 2026/03/15 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: openssl (UTSA-2026-006143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006143 advisory. Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code poin...

7.4CVSS6.8AI score0.00444EPSS
Exploits1References4
nessus
nessus
added 2026/02/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2025-69419)

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS6AI score0.00444EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2026/02/04 12:0 a.m.3 views

The vulnerability of the PKCS12_get_friendlyname() function in the OpenSSL library allows a hacker to induce a denial-of-service attack.

The vulnerability of the PKCS12getfriendlyname function in the OpenSSL library is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

7.4CVSS7.3AI score0.00444EPSS
Exploits1References11Affected Software6
nessus
nessus
added 2026/02/03 12:0 a.m.5 views

SUSE SLES15: libopenssl-1_1-devel / libopenssl-1_1-devel-32bit / libopenssl1_1 / etc (SUSE-SU-2026:0360-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0360-1 advisory. - CVE-2026-22795: Missing ASN1TYPE validation in PKCS12 parsing bsc1256839. - CVE-2025-69420: Missing ASN1TYPE validation in...

7.5CVSS6.7AI score0.00844EPSS
Exploits1References22
snyk
snyk
added 2026/01/28 4:34 p.m.4 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the module friendlyName. An attacker can execute arbitrary scripts in the context of a user's browser...

7.6CVSS6AI score0.00249EPSS
Exploits0References2
osv
osv
added 2026/01/28 4:34 p.m.3 views

GHSA-VM5Q-8QWW-H238 DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal

A module friendly name could include scripts that will run during some module operations in the Persona Bar...

7.6CVSS5.9AI score0.00249EPSS
Exploits0References3
github
github
added 2026/01/28 4:34 p.m.11 views

DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal

A module friendly name could include scripts that will run during some module operations in the Persona Bar...

7.6CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
osv
osv
added 2026/01/27 4:16 p.m.10 views

AZL-75786 CVE-2025-69419 affecting package openssl 1.1.1k-38

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
osv
osv
added 2026/01/27 4:16 p.m.8 views

AZL-75890 CVE-2025-69419 affecting package edk2 20240524git3e722403cd16-14

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
osv
osv
added 2026/01/27 4:16 p.m.8 views

AZL-76152 CVE-2025-69419 affecting package hvloader for versions less than 1.0.1-18

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
osv
osv
added 2026/01/27 4:16 p.m.10 views

AZL-75290 CVE-2025-69419 affecting package openssl for versions less than 3.3.5-3

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References1
osv
osv
added 2026/01/27 4:16 p.m.6 views

ALPINE-CVE-2025-69419

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS6AI score0.00444EPSS
Exploits1References1
euvd
euvd
added 2026/01/27 4:1 p.m.6 views

EUVD-2025-206395

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

6AI score0.00444EPSS
Exploits1References6
attackerkb
attackerkb
added 2026/01/27 4:1 p.m.8 views

CVE-2025-69419

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

6AI score0.00444EPSS
Exploits1References7Affected Software1
osv
osv
added 2026/01/27 4:1 p.m.7 views

CVE-2025-69419 Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.2AI score0.00444EPSS
Exploits1References9
Rows per page
Query Builder