Lucene search

43674 matches found

Debian CVE
added 2026/01/27 6:36 p.m., 6 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT --kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

CVSS 9.8, AI score 6.7, EPSS 0.01745
Exploits: 1
Ubuntu
added 2026/01/27 6:10 p.m., 12 views

USN-7980-1: OpenSSL vulnerabilities

Stanislav Fort, Petr Šimeček, and Hamza discovered that OpenSSL incorrectly validated PBMAC1 parameters when doing PKCS12 MAC verification. An attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-11187...

CVSS 9.8, AI score 5.4, EPSS 0.47621
Exploits: 7
Snyk
added 2026/01/27 4:49 p.m., 6 views

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow when parsing a CMS AuthEnvelopedData message. An attacker can trigger a crash by supplying AEAD ciphers such as AES-GCM with malicious initialization vectors. These are encoded in the ASN.1 parameters and...

CVSS 9.8, AI score 5.8, EPSS 0.47621
Exploits: 7, References: 2
NVD
added 2026/01/27 4:16 p.m., 10 views

CVE-2026-22796

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

CVSS 5.3, EPSS 0.00502
Exploits: 1, References: 7
OSV
added 2026/01/27 4:16 p.m., 4 views

AZL-75791 CVE-2025-15467 affecting package openssl for versions less than 3.3.5-3

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 9.8, AI score 7.7, EPSS 0.47621
Exploits: 7, References: 1
OSV
added 2026/01/27 4:16 p.m., 4 views

AZL-75908 CVE-2025-15467 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 9.8, AI score 7.7, EPSS 0.47621
Exploits: 7, References: 1
OSV
added 2026/01/27 4:16 p.m., 10 views

ALPINE-CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 8.8, AI score 8.8, EPSS 0.47621
Exploits: 7, References: 1
OSV
added 2026/01/27 4:16 p.m., 8 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 8.8, AI score 7.3, EPSS 0.47621
Exploits: 7, References: 9
NVD
added 2026/01/27 4:16 p.m., 6 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 9.8, EPSS 0.47621
Exploits: 7, References: 39
NVD
added 2026/01/27 4:16 p.m., 5 views

CVE-2021-47900

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec to run system commands by sending craft...

CVSS 9.8, EPSS 0.00602
Exploits: 0, References: 4
OSV
added 2026/01/27 4:16 p.m., 5 views

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser...

CVSS 8.8, AI score 5.9
Exploits: 0, References: 3
NVD
added 2026/01/27 4:16 p.m., 8 views

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser...

CVSS 8.8, EPSS 0.00611
Exploits: 1, References: 3
ATTACKERKB
added 2026/01/27 4:1 p.m., 20 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 8.8, AI score 8.5, EPSS 0.47621
Exploits: 7, References: 7, Affected Software: 1
Vulnrichment
added 2026/01/27 4:1 p.m., 2 views

CVE-2025-15467 Stack buffer overflow in CMS (Auth)EnvelopedData parsing

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

AI score 8.8, EPSS 0.47621
Exploits: 7, References: 6
CVE
added 2026/01/27 4:1 p.m., 405 views

CVE-2025-15467

CVE-2025-15467 describes a stack buffer overflow in OpenSSL when parsing CMS AuthEnvelopedData/EnvelopedData with AEAD ciphers (e.g., AES-GCM). The issue occurs when the ASN.1 IV parameter is copied into a fixed-size stack buffer without length checks, allowing a crafted CMS message with an overs...

CVSS 9.8, AI score 8.8, EPSS 0.47621
Exploits: 7, References: 39, Affected Software: 1
Debian CVE
added 2026/01/27 4:1 p.m., 13 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 9.8, AI score 8.1, EPSS 0.47621
Exploits: 7
Cvelist
added 2026/01/27 4:1 p.m., 27 views

CVE-2025-15467 Stack buffer overflow in CMS (Auth)EnvelopedData parsing

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

EPSS 0.47621
Exploits: 7, References: 6
AlpineLinux
added 2026/01/27 4:1 p.m., 4 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

CVSS 9.8, AI score 8.8, EPSS 0.47621
Exploits: 7, References: 39
Cvelist
added 2026/01/27 3:23 p.m., 20 views

CVE-2021-47900 Gila CMS < 2.0.0 - Remote Code Execution

Gila CMS versions prior to 2.0.0 contain a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through manipulated HTTP headers. Attackers can inject PHP code in the User-Agent header with shell_exec to run system commands by sending craft...

CVSS 9.8, EPSS 0.00602
Exploits: 0, References: 4
CVE
added 2026/01/27 3:23 p.m., 7 views

CVE-2021-47900

Gila CMS

CVSS 9.8, AI score 6.7, EPSS 0.00602
Exploits: 0, References: 4