Lucene search
K

203 matches found

RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-50573

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass package integrity checks during the pnpm install process when operating in non-frozen mode. If a malicious package registry serves altered content for a locked package, pnpm may accept this new...

8.1CVSS5.9AI score0.00113EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/06/26 10:53 p.m.7 views

pnpm Has an Integrity Check Bypass via Missing Lockfile Integrity Field

Summary pnpm's tarball extraction worker skips integrity verification when the integrity field is absent from the lockfile resolution. If an attacker can both modify pnpm-lock.yaml to remove the integrity: field and cause the referenced registry URL to serve altered package content, pnpm install...

8.1CVSS5.8AI score0.00126EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.14 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.9 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.10 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...

9.1CVSS6.5AI score0.02719EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35478

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.4AI score0.00237EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 5:17 p.m.9 views

ALPINE-CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.34 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS0.00237EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/06/09 5:14 p.m.21 views

USN-8414-1: OpenSSL vulnerabilities

Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or obtain sensitive information. CVE-2026-34180 Pavol Zacik and Alex Gaynor discovered that OpenSSL...

9.1CVSS6.1AI score0.02719EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.10 views

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.4AI score0.00237EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.273 views

CVE-2026-34182

CVE-2026-34182 describes a vulnerability in CMS AuthEnvelopedData processing in OpenSSL where insufficient input validation on cipher and tag length can allow forged or manipulated messages. Attack scenarios include selecting non-AEAD ciphers (e.g., AES-256-OFB) that bypasses integrity checks and...

9.1CVSS5.5AI score0.00237EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.45 views

CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

0.00237EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.19 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00237EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47831

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers. This allows attackers to achiev...

9.1CVSS5.5AI score0.00513EPSS
Exploits0References111
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.12 views

Security feature bypass vulnerability in Azure Key Vault Keys library for Java

The Java Key Vault Keys library in the Azure SDK for Java contains an issue in the local cryptographic verification path where authentication tag comparison was implemented incorrectly. In affected applications that use the vulnerable local cryptography path, specially crafted encrypted input may...

9.1CVSS6AI score0.00479EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.4 views

Ubuntu 22.04 LTS / 24.04 LTS : Slurm vulnerabilities (USN-8236-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8236-1 advisory. It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify fil...

9.8CVSS6.1AI score0.01386EPSS
Exploits0References6
OSV
OSV
added 2026/05/06 5:43 a.m.9 views

USN-8236-1 slurm-wlm vulnerabilities

It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2023-41914 Ryan Hall discovered that Slurm did not correctly enforce certai...

9.8CVSS7.3AI score0.01386EPSS
Exploits0References6
Ubuntu
Ubuntu
added 2026/05/06 5:43 a.m.10 views

USN-8236-1: Slurm vulnerabilities

It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2023-41914 Ryan Hall discovered that Slurm did not correctly enforce certai...

9.8CVSS6AI score0.01386EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/30 6:17 p.m.40 views

CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass

Insufficient Verification of Data Authenticity vulnerability in hexpm hex Hex.RemoteConverger module allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However,...

8.9CVSS0.00191EPSS
Exploits1References4
Rows per page
Query Builder