openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

CVE-2026-9076 Out-of-Bounds Read in CMS Password-Based Decryption

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

CentOS 9 : openssl-3.5.5-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssl-3.5.5-3.el9 build changelog. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impa...

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

CVE-2019-25492

CVE-2019-25492 affects Homey BNB V4 and is an SQL injection vulnerability exploitable by an unauthenticated attacker via the GET parameter pt to the admin/getcmsdata.php endpoint. The provided data indicate that an attacker can manipulate database queries and potentially extract sensitive informa...

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

Malicious code in get-hydrated-cms-data (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9641 Malicious code in get-hydrated-cms-data (npm)

--- -= Per source details. Do not edit below this line.=-...

Net Titanium Technology idcCMS 安全漏洞

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from the Chinese company Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.10 that allows an attacker to arbitrarily delete the install.lock...

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

CentOS 5 : openssl (CESA-2015:2616)

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fro...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

Medium: openssl

Issue Overview: A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. CVE-2015-3194...