Lucene search
K

17 matches found

RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.8 views

openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 1:34 p.m.8 views

CVE-2026-42767

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 5:17 p.m.4 views

ALPINE-CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 4:3 p.m.41 views

CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

5.9CVSS5.6AI score0.00349EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.8 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.33 views

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

0.00349EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

9.1CVSS5.5AI score0.00595EPSS
Exploits0References102
Mageia
Mageia
added 2013/08/12 1:54 p.m.55 views

Updated firefox and thunderbird packages fix security vulnerabilities

Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...

10CVSS9.9AI score0.40118EPSS
Exploits14References9
Tenable Nessus
Tenable Nessus
added 2013/08/08 12:0 a.m.36 views

Firefox < 23.0 Multiple Vulnerabilities

The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...

10CVSS6.9AI score0.40118EPSS
Exploits15References28
Tenable Nessus
Tenable Nessus
added 2013/08/08 12:0 a.m.41 views

Thunderbird < 17.0.8 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 17.0.8 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when...

10CVSS7.3AI score0.40118EPSS
Exploits14References21
NVD
NVD
added 2013/08/07 1:55 a.m.21 views

CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

10CVSS6.1AI score0.40118EPSS
Exploits13References6
Prion
Prion
added 2013/08/07 1:55 a.m.14 views

Heap overflow

Heap-based buffer underflow in the cryptojsinterpretkeygentype function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Certificate Request Message Format CRMF request...

10CVSS8.2AI score0.03914EPSS
Exploits0References5Affected Software2
Prion
Prion
added 2013/08/07 1:55 a.m.27 views

Cross site scripting

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting XSS attacks...

10CVSS6.5AI score0.40118EPSS
Exploits13References6Affected Software5
Cvelist
Cvelist
added 2013/08/07 1:0 a.m.21 views

CVE-2013-1705

Heap-based buffer underflow in the cryptojsinterpretkeygentype function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service application crash via a crafted Certificate Request Message Format CRMF request...

7.5AI score0.03914EPSS
Exploits0References5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.64 views

CRMF requests allow for code execution and XSS attacks — Mozilla

Mozilla security researcher mozbugra4 reported a mechanism to execute arbitrary code or a cross-site scripting XSS attack when Certificate Request Message Format CRMF request is generated in certain circumstances...

10CVSS3.8AI score0.40118EPSS
Exploits13References2Affected Software5
Mozilla
Mozilla
added 2013/08/06 12:0 a.m.39 views

Buffer underflow when generating CRMF requests — Mozilla

Security researcher Nils used the Address Sanitizer to discover a use-after-free problem when generating a Certificate Request Message Format CRMF request with certain parameters. This causes a potentially exploitable crash...

10CVSS4.8AI score0.03914EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder