
24 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in openssl

Issue summary: Calling the PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code points can trigger a one-byte write before the allocated buffer. This out-of-bounds write can cause memory corruption, leading to...

CVSS 7.4 | AI score 7.2 | EPSS 0.00115
Exploits 1 | References 2
IBM Security Bulletins
added 2026/04/29 11:4 a.m. | 6 views

Security Bulletin: IBM Guardium Data Protection is affected by multiple vulnerabilities

Summary: IBM Guardium Data Protection has addressed these vulnerabilities in an update. Vulnerability Details: CVEID: CVE-2025-15467. DESCRIPTION: Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

CVSS 8.8 | AI score 8.2 | EPSS 0.02889
Exploits 9 | Affected Software 1
Tenable Nessus
added 2026/04/17 12:0 a.m. | 1 view

Unity Linux 20.1070a Security Update: openssl (UTSA-2026-007292)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007292 advisory. Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code poin...

CVSS 7.4 | AI score 7.2 | EPSS 0.00115
Exploits 1 | References 4
OSV
added 2026/03/27 2:4 p.m. | 1 view

OESA-2026-1748 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based...

CVSS 7.5 | AI score 7.1 | EPSS 0.01131
Exploits 1 | References 7
OSV
added 2026/03/20 2:24 p.m. | 1 view

OESA-2026-1662 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

CVSS 7.4 | AI score 6.9 | EPSS 0.00115
Exploits 1 | References 2
OSV
added 2026/02/26 10:45 a.m. | 3 views

CLSA-2026-1772102739 openssl: Fix of CVE-2025-69419

CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS12 BMPString containing non-ASCII BMP code point; validate UTF8_putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8...

CVSS 7.4 | AI score 7.2 | EPSS 0.00115
Exploits 1 | References 1
OSV
added 2026/02/26 9:38 a.m. | 3 views

CLSA-2026-1772098723 openssl: Fix of CVE-2025-69419

CVE-2025-69419: fix one-byte write-before-buffer triggered by malicious PKCS12 BMPString containing non-ASCII BMP code point; validate UTF8_putc return and use correct destination capacity during conversion from UTF-16BE into UTF-8...

CVSS 7.4 | AI score 5.9 | EPSS 0.00115
Exploits 1 | References 1
OSV
added 2026/01/27 4:16 p.m. | 1 view

AZL-76116 CVE-2025-69419 affecting package edk2 for versions less than 20230301gitf80f052277c8-47

Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 7.2 | EPSS 0.00115
Exploits 1 | References 1
OSV
added 2026/01/27 4:16 p.m. | 1 view

AZL-75786 CVE-2025-69419 affecting package openssl 1.1.1k-38

Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 7.2 | EPSS 0.00115
Exploits 1 | References 1
NVD
added 2026/01/27 4:16 p.m. | 4 views

CVE-2025-69419

Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | EPSS 0.00115
Exploits 1 | References 7
CVE
added 2026/01/27 4:1 p.m. | 65 views

CVE-2025-69419

CVE-2025-69419 is an OpenSSL vulnerability arising from PKCS12_get_friendlyname() processing of attacker-supplied PKCS#12 BMPString names. The root cause is in OPENSSL_uni2utf8(): during the second pass, bmp_to_utf8() forwards the remaining UTF-16 source byte count as the destination capacity to ...

CVSS 7.4 | AI score 6 | EPSS 0.00115
Exploits 1 | References 7 | Affected Software 1
Cvelist
added 2026/01/27 4:1 p.m. | 19 views

CVE-2025-69419 Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion

Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

EPSS 0.00115
Exploits 1 | References 6
Tenable Nessus
added 2026/01/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-69419

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code...

CVSS 7.4 | AI score 7.2 | EPSS 0.00115
Exploits 1 | References 3
OSV
added 2026/01/27 12:0 a.m. | 0 views

UBUNTU-CVE-2025-69419

Issue summary: Calling PKCS12_get_friendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...

CVSS 7.4 | AI score 7.3 | EPSS 0.00115
Exploits 1 | References 4
Positive Technologies
added 2025/01/01 12:0 a.m. | 1 view

PT-2026-4949

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1, 3.0, 3.3, 3.4, 3.5 and 3.6. Description: A flaw exists in the handling of maliciously crafted PKCS12 files when using the PKCS12_get_friendlyname API. Specifically, processing a PKCS12 file with a BMPString UTF-16BE...

CVSS 9.8 | AI score 5.9 | EPSS 0.02889
Exploits 7 | References 112
F5 Networks
added 2023/02/21 7:8 p.m. | 36 views

K15358: OpenSSL vulnerability CVE-2009-0590

Security Advisory Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length...

CVSS 5 | AI score 8.4 | EPSS 0.10016
Exploits 0 | Affected Software 16
SUSE CVE
added 2023/02/15 6:5 a.m. | 0 views

SUSE CVE-2009-0590

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length...

CVSS 5 | AI score 8.5 | EPSS 0.10016
Exploits 0 | References 9
OpenVAS
added 2010/03/31 12:0 a.m. | 40 views

CentOS Update for openssl CESA-2010:0163 centos3 i386

Check for the Version of openssl. OpenVAS Vulnerability Test: CentOS Update for openssl CESA-2010:0163 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...

CVSS 5.8 | AI score 6.8 | EPSS 0.10016
Exploits 14 | References 2
securityvulns
added 2009/04/01 12:0 a.m. | 42 views

OpenSSL library BMPString DoS

Crash on UniversalString and BMPString parsing...

CVSS 5 | AI score 2.8 | EPSS 0.10016
Exploits 0 | References 1 | Affected Software 1
NVD
added 2009/03/27 4:30 p.m. | 16 views

CVE-2009-0590

The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length...

CVSS 5 | AI score 7.2 | EPSS 0.10016
Exploits 0 | References 60