CentOS 9 : openssl-3.5.5-3.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the openssl-3.5.5-3.el9 build changelog. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impa...

CVE-2019-25492

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

CVE-2019-25492

CVE-2019-25492 affects Homey BNB V4 and is an SQL injection vulnerability exploitable by an unauthenticated attacker via the GET parameter pt to the admin/getcmsdata.php endpoint. The provided data indicate that an attacker can manipulate database queries and potentially extract sensitive informa...

📄 OpenSSL 3.x ASN.1 AES‑GCM Nonce Stack Corruption

This Metasploit auxiliary module generates a specially crafted CMS file encoded in DER format to test a stack-based buffer overflow vulnerability in OpenSSL's ASN.1 parser related to improper handling of oversized AES-GCM nonce IV values within AES-GCM-Parameters as defined in RFC 5084. The...

Malicious code in get-hydrated-cms-data (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-9641 Malicious code in get-hydrated-cms-data (npm)

--- -= Per source details. Do not edit below this line.=-...

Net Titanium Technology idcCMS 安全漏洞

Net Titanium Technology idcCMS Net Titanium IDC Cloud Management Agent System is a cloud management agent system from the Chinese company Net Titanium Technology. A security vulnerability exists in Net Titanium Technology idcCMS v1.10 that allows an attacker to arbitrarily delete the install.lock...

EulerOS 2.0 SP2 : openssl098e (EulerOS-SA-2019-1861)

According to the versions of the openssl098e package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

CentOS 5 : openssl (CESA-2015:2616)

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fro...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

OpenSSL: X509_ATTRIBUTE memory leak

A memory leak vulnerability was found in the way OpenSSL parsed PKCS7 and CMS data. A remote attacker could use this flaw to cause an application that parses PKCS7 or CMS data from untrusted sources to use an excessive amount of memory and possibly crash...

Medium: openssl

Issue Overview: A NULL pointer derefernce flaw was found in the way OpenSSL verified signatures using the RSA PSS algorithm. A remote attacked could possibly use this flaw to crash a TLS/SSL client using OpenSSL, or a TLS/SSL server using OpenSSL if it enabled client authentication. CVE-2015-3194...