Lucene search
K

149 matches found

OSV
OSV
added 6 days ago7 views

MAL-2026-6495 Malicious code in animatecss-postcss-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6be12cec08d0999c157774b746c3e431825ae61635bb8ddddf36061d4602cec7 [email protected] ships a tiny PostCSS plugin factory whose body contains an obfuscator.io-style string-array + RC4 decoder functions...

5.9AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.13 views

SUSE CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

3.7CVSS5.7AI score0.00297EPSS
Exploits0References19
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-9076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can...

7.5CVSS5.8AI score0.00297EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5CVSS0.00297EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 5:17 p.m.8 views

ALPINE-CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5CVSS5.7AI score0.00297EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.7 views

CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5CVSS5.7AI score0.00297EPSS
Exploits0
CVE
CVE
added 2026/06/09 4:3 p.m.132 views

CVE-2026-9076

CVE-2026-9076 describes a heap out-of-bounds read in the OpenSSL CMS password-based decryption flow (RFC 3211 PWRI key unwrap). When processing attacker-supplied CMS data, using a stream-mode KEK cipher chosen via the PWRI keyEncryptionAlgorithm, the check-byte guard can be bypassed, causing a bu...

7.5CVSS5.7AI score0.00297EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47856

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A heap out-of-bounds read can occur during CMS password-based decryption RFC 3211 / PWRI key unwrap when processing attacker-supplied CMS data. The issue arises in the kek unwrap key function...

7.5CVSS5.6AI score0.00297EPSS
Exploits0References138
Tenable Nessus
Tenable Nessus
added 2025/10/11 12:0 a.m.1 views

EulerOS 2.0 SP11 : krb5 (EulerOS-SA-2025-2231)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5...

5.9CVSS6.9AI score0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-6307

Malware in sbrugna...

2.1CVSS6.4AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-14768

Malware in sbrugna...

7.5CVSS6.5AI score0.02289EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2001-1449

Malware in sbrugna...

5CVSS6.4AI score0.01214EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-14757

Malware in sbrugna...

7.4CVSS7.3AI score0.01379EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-29296

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.00218EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 12:42 p.m.5 views

OESA-2025-2124 krb5 security update

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due ...

5.9CVSS7AI score0.00276EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2019-5163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher and a localaddres...

7.5CVSS7AI score0.02289EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:28 p.m.5 views

CVE-2022-24404

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

7.5CVSS6.9AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 5:55 p.m.8 views

CVE-2019-5152

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Shadowsocks-libev 3.3.2. When utilizing a Stream Cipher, a specially crafted set of network packets can cause an outbound connection from the server, resulting in information disclosure. An...

7.4CVSS6.2AI score0.01379EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 2:6 p.m.72 views

Security Bulletin: Vulnerability in RC4 stream cipher affects IBM i (CVE-2015-2808)

Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM i Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability to...

5CVSS7AI score0.74006EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/10/19 10:15 a.m.11 views

CVE-2022-24404

Lack of cryptographic integrity check on TETRA air-interface encrypted traffic. Since a stream cipher is employed, this allows an active adversary to manipulate cleartext data in a bit-by-bit fashion...

7.5CVSS7.3AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder