Lucene search
K

65 matches found

CVE
CVE
added 2026/06/29 6:44 p.m.17 views

CVE-2026-13757

CVE-2026-13757 affects p11-kit. The RPC attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() can form a mutually-recursive call chain with no recursion depth limit when handling nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TE...

6.2CVSS5.8AI score0.00114EPSS
Exploits0References2Affected Software3
RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.5 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.5 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.5 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 10:17 p.m.2 views

DEBIAN-CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6.5CVSS5.8AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:17 p.m.3 views

UBUNTU-CVE-2026-7511

PKCS7verify signer confusion allows forged signatures, where the signer associated with a signature is not correctly bound, permitting a forged signature to be accepted...

7.5CVSS5.7AI score0.00171EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 9:2 p.m.5 views

CVE-2026-6329

PKCS12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to be accepted. The PKCS12 verify path compared the locally computed HMAC against the MAC parsed from the PKCS12 structure using a length taken directly fr...

6.5CVSS5.8AI score0.0016EPSS
Exploits0
OSV
OSV
added 2026/06/25 11:51 a.m.2 views

OPENSUSE-SU-2026:21059-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues Upgrade openCryptoki to version 3.27 jscPED-14609: Add base support for PKCS11 v3.2. Add support for PKCS11 v3.2 CVerifySignatureInit|Update|Final. Add support for PKCS11 v3.2 CEncapsulateKey/CDecapsulateKey. Soft/ICA/CCA/EP11: Add support f...

6.8CVSS5.8AI score0.00237EPSS
Exploits2References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Processing a maliciously formatted PKCS12 file may cause OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications that load files in PKCS12 format from untrusted sources may experience abrupt termination. A PKCS12 format file can contain...

5.5CVSS6.6AI score0.03174EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35477

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

5.6AI score0.00196EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.36 views

CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

0.00196EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.18 views

PT-2026-47844

Name of the Vulnerable Software and Affected Versions OpenSSL version 4.0 OpenSSL version 3.6 OpenSSL version 3.5 OpenSSL version 3.4 OpenSSL version 3.0 OpenSSL version 1.1.1 OpenSSL version 1.0.2 Description A use-after-free condition occurs during PKCS7 signature verification when processing a...

8.8CVSS6.1AI score0.02719EPSS
Exploits0References205
RedHat Linux
RedHat Linux
added 2026/05/26 6:51 a.m.12 views

gnutls: gnutls: Information disclosure via heap overread in RSA key exchange

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

8.2CVSS5.8AI score0.00727EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 6:40 a.m.11 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.11 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. GnuTLS has a security vulnerability, which stems from a single-bit error in the bounds checking of PKCS12 package elements. This vulnerability could...

5.3CVSS5.8AI score0.00727EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.13 views

PT-2026-41582

Name of the Vulnerable Software and Affected Versions Crypt::OpenSSL::PKCS12 versions prior to 1.95 Description An out-of-bounds write flaw exists when parsing a PKCS12 file containing an OCTET STRING or BIT STRING attribute on a SAFEBAG of 1 GiB or larger. This issue is triggered via the info or...

9.8CVSS6.2AI score0.00648EPSS
Exploits0References13
Fedora
Fedora
added 2026/05/12 12:49 a.m.16 views

[SECURITY] Fedora 44 Update: nss-3.122.2-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/27 6:33 p.m.16 views

JLSEC-2026-263 Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#12 file...

Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

7.4CVSS7.7AI score0.00444EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2026/04/16 11:16 p.m.9 views

CVE-2026-40253

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...

6.8CVSS6AI score0.0016EPSS
Exploits1References1
Fedora
Fedora
added 2026/04/09 3:23 a.m.14 views

[SECURITY] Fedora 43 Update: opensc-0.27.1-1.fc43

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...

6.8CVSS5.9AI score0.00282EPSS
Exploits2
Rows per page
Query Builder