CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

RedHat Linux•added 2026/06/01 1:54 p.m.•19 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.8AI score0.00805EPSS

Exploits0References10

Amazon•added 2026/04/30 12:0 a.m.•10 views

Medium: openssl

Issue Overview: NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NULL dereference when processing CMS KeyTransportRecipientInfo...

7.5CVSS5.2AI score0.00885EPSS

Exploits0

OSV•added 2026/04/27 6:33 p.m.•8 views

JLSEC-2026-275

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.3AI score0.00805EPSS

Exploits0References6

Tenable Nessus•added 2026/04/25 12:0 a.m.•3 views

SUSE SLES15 Security Update : openssl-3 (SUSE-SU-2026:1605-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1605-1 advisory. This update for openssl-3 fixes the following issue: Security issues fixed: - CVE-2026-28390: NULL pointer dereference during processing of ...

7.5CVSS5.4AI score0.00805EPSS

Exploits0References4

Tenable Nessus•added 2026/04/24 12:0 a.m.•3 views

SUSE SLES15 Security Update : openssl-1_1 (SUSE-SU-2026:1562-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1562-1 advisory. - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc126167...

7.5CVSS5.5AI score0.00805EPSS

Exploits0References4

OSV•added 2026/04/23 7:6 a.m.•4 views

SUSE-SU-2026:1562-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5CVSS5.3AI score0.00805EPSS

Exploits0References3

OSV•added 2026/04/22 9:41 a.m.•3 views

SUSE-SU-2026:1550-1 Security update for openssl-1_1

This update for openssl-11 fixes the following issues: - CVE-2026-28390: NULL pointer dereference during processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo bsc1261678...

7.5CVSS5.8AI score0.00805EPSS

Exploits0References3

Ubuntu•added 2026/04/09 5:35 p.m.•8 views

USN-8155-2: OpenSSL vulnerabilities

USN-8155-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for CVE-2026-28387 for openssl in Ubuntu 20.04 LTS. CVE-2026-28388 for openssl and openssl1.0 in Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS, and CVE-2026-28389 and...

8.1CVSS6AI score0.00885EPSS

Exploits0