Lucene search
+L

148 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 12:54 p.m.10 views

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary Multiple components with known vulnerabilities were addressed in IBM QRadar SIEM 7.5.0 UP14 IF05 Vulnerability Details CVEID:CVE-2025-68615 DESCRIPTION: net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-sn...

9.8CVSS5.9AI score0.4269EPSS
Exploits3Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/24 10:8 a.m.2 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6AI score0.01744EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/02/10 12:0 a.m.4 views

OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

9.8CVSS5.6AI score0.47621EPSS
Exploits7
OSV
OSV
added 2026/02/06 3:57 p.m.7 views

OESA-2026-1311 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS6.4AI score0.47621EPSS
Exploits7References2
OSV
OSV
added 2026/02/06 3:57 p.m.9 views

OESA-2026-1310 openssl security update

OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security TLS and Secure Sockets Layer SSL protocols. Security Fixes: Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact...

9.8CVSS6.4AI score0.47621EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2026/02/02 12:0 a.m.2 views

RHEL 9 : openssl (RHSA-2026:1733)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:1733 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.8CVSS6.3AI score0.47621EPSS
Exploits7References6
GithubExploit
GithubExploit
added 2026/01/30 12:4 a.m.252 views

Exploit for CVE-2025-15467

CVE-2025-15467: OpenSSL CMS AuthEnvelopedData Stack Buffer Ove...

9.8CVSS6.3AI score0.47621EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2026/01/28 5:17 p.m.9 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

9.8CVSS6.3AI score0.47621EPSS
Exploits7References4
RedHat Linux
RedHat Linux
added 2026/01/28 3:32 p.m.20 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

9.8CVSS6.3AI score0.47621EPSS
Exploits7References4
SUSE Linux
SUSE Linux
added 2026/01/28 9:37 a.m.5 views

Security update for openssl-3

This update for openssl-3 fixes the following issues: CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. CVE-2025-68160: Heap out-of-bounds write in BIOflinebuffer on short writes bsc1256834. CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level...

9.8CVSS6AI score0.47621EPSS
Exploits7References32
OSV
OSV
added 2026/01/28 9:37 a.m.4 views

SUSE-SU-2026:0310-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256830. - CVE-2025-68160: Heap out-of-bounds write in BIOflinebuffer on short writes bsc1256834. - CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with...

9.8CVSS6.1AI score0.47621EPSS
Exploits7References17
RedhatCVE
RedhatCVE
added 2026/01/28 6:20 a.m.7 views

CVE-2026-24881

A flaw was found in GnuPG. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. This message, containing an oversized wrapped session key, can cause a stack-based buffer overflow in the gpg-agent component...

9.8CVSS6.3AI score0.01745EPSS
Exploits1References5
EUVD
EUVD
added 2026/01/27 6:36 p.m.9 views

EUVD-2026-4768

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

8.1CVSS6.5AI score0.01745EPSS
Exploits1References2
CVE
CVE
added 2026/01/27 6:36 p.m.35 views

CVE-2026-24881

CVE-2026-24881 affects GnuPG before 2.5.17. A crafted CMS (S/MIME) EnvelopedData message with an oversized wrapped session key can trigger a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This may lead to denial of service, and memory corruption could enable remote c...

9.8CVSS6.5AI score0.01745EPSS
Exploits1References5Affected Software2
Vulnrichment
Vulnrichment
added 2026/01/27 6:36 p.m.3 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

8.1CVSS6.5AI score0.01745EPSS
Exploits1References2
OSV
OSV
added 2026/01/27 6:36 p.m.7 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

8.1CVSS6.5AI score0.01745EPSS
Exploits1References7
EUVD
EUVD
added 2026/01/27 4:1 p.m.5 views

EUVD-2025-206379

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData...

6.4AI score0.47621EPSS
Exploits7References6
UbuntuCve
UbuntuCve
added 2026/01/27 12:0 a.m.8 views

CVE-2025-15467

Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...

9.8CVSS7.5AI score0.47621EPSS
Exploits7References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : openssl-1.0.0-20.AXS4.5 (AXSA:2012-576:06)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-576:06 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...

6.8CVSS8.2AI score0.28154EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : openssl-1.0.0-20.AXS4.3 (AXSA:2012-459:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-459:04 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

5CVSS8AI score0.13075EPSS
Exploits0References3
Rows per page
Query Builder