Lucene search
K

144 matches found

attackerkb
attackerkb
added 2026/04/09 11:10 p.m.6 views

CVE-2026-5392

Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7VerifySignedData...

2.3CVSS5.9AI score0.00159EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/09 12:0 a.m.6 views

PT-2026-31825

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A heap out-of-bounds read issue exists in the PKCS7 parsing process. A specially crafted PKCS7 message can cause an out-of-bounds read on the heap. The issue is due to a missing bounds check within the...

2.3CVSS5.8AI score0.00159EPSS
Exploits0References4
euvd
euvd
added 2026/04/08 12:30 a.m.6 views

EUVD-2026-19965

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

6AI score0.00805EPSS
Exploits0References7
euvd
euvd
added 2026/04/08 12:30 a.m.7 views

EUVD-2026-19966

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

5.9AI score0.00805EPSS
Exploits0References7
osv
osv
added 2026/04/07 10:16 p.m.7 views

ALPINE-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References1
osv
osv
added 2026/04/07 10:16 p.m.8 views

DEBIAN-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References1
nvd
nvd
added 2026/04/07 10:16 p.m.7 views

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS0.00805EPSS
Exploits0References8
debiancve
debiancve
added 2026/04/07 10:0 p.m.7 views

CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.3AI score0.00805EPSS
Exploits0
osv
osv
added 2026/04/07 12:0 a.m.3 views

UBUNTU-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References5
nessus
nessus
added 2026/04/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary:...

7.5CVSS7.2AI score0.00805EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/04/07 12:0 a.m.7 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References7
osv
osv
added 2026/04/07 12:0 a.m.10 views

UBUNTU-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.3AI score0.00805EPSS
Exploits0References5
nvd
nvd
added 2026/03/19 10:16 p.m.8 views

CVE-2026-4159

1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

3.3CVSS0.00095EPSS
Exploits0References1
cve
cve
added 2026/03/19 9:17 p.m.21 views

CVE-2026-4159

CVE-2026-4159: A 1-byte out-of-bounds heap read in wolfSSL’s wc_PKCS7_DecodeEnvelopedData can be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Affected software: wolfSSL 5.8.4 and earlier; root cause is a 1-byte OOB read during enveloped data decoding. Impac...

3.3CVSS5.8AI score0.00095EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/03/19 12:0 a.m.11 views

PT-2026-26376

Name of the Vulnerable Software and Affected Versions wolfSSL versions 5.8.4 and earlier Description An out-of-bounds heap read issue exists in the wc PKCS7 DecodeEnvelopedData function when processing crafted CMS EnvelopedData messages containing zero-length encrypted content. This issue could...

3.3CVSS5.1AI score0.00095EPSS
Exploits0References9
ics
ics
added 2026/03/12 12:30 a.m.9 views

ABB AC500 V3 Stack Buffer Overflow in Cryptographic Message Syntax

SUMMARY ABB became aware of vulnerability in the products versions listed as affected in the advisory. An update is available that resolves publicly reported vulnerability. An attacker who successfully exploited these vulnerabilities could cause a crash, denial-of-service DoS, or potentially...

9.8CVSS6.7AI score0.47621EPSS
Exploits7References11
ibm
ibm
added 2026/02/26 12:54 p.m.10 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP14 IF05 Vulnerability Details CVEID:CVE-2025-68615 DESCRIPTION: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-sn...

9.8CVSS5.9AI score0.4269EPSS
Exploits3Affected Software1
redhat
redhat
added 2026/02/24 10:8 a.m.2 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6AI score0.01744EPSS
Exploits0References4
packetstormnews
packetstormnews
added 2026/02/10 12:0 a.m.4 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
osv
osv
added 2026/02/06 3:57 p.m.6 views

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS6.4AI score0.47621EPSS
Exploits7References2
Rows per page
Query Builder