Lucene search
K

119 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

8.8CVSS6.1AI score0.02719EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday8 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added yesterday4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 4 days ago12 views

Siemens SCALANCE, RUGGEDCOM, and SIPLUS Out-of-bounds Write (CVE-2025-15467)

Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData...

9.8CVSS7.4AI score0.47621EPSS
Exploits7References12
RedHat Linux
RedHat Linux
added 2026/07/06 8:58 a.m.5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS7AI score0.00805EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bleichenbacher padding oracle in PKCS7 KTRI decryption. When decrypting PKCS7 EnvelopedData using RSA PKCS1 v1.5 key transport, wolfSSL returned distinguishable...

6.5CVSS6AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:16 p.m.5 views

UBUNTU-CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS5.9AI score0.00294EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 4:41 p.m.16 views

CVE-2026-6291

CVE-2026-6291 affects wolfSSL (v4.0) and describes a Bleichenbacher padding oracle in PKCS#7 KTRI RSA PKCS#1 v1.5 decryption used for EnvelopedData. The vulnerability arises because error codes differed between RSA padding validation failure and malformed decrypted content, enabling an attacker t...

6.5CVSS5.9AI score0.00152EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:35 p.m.6 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 4:35 p.m.30 views

CVE-2026-6094 Heap buffer overread in wc_PKCS7_DecodeEnvelopedData parsing crafted PKCS7 EnvelopedData

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS0.00294EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 4:35 p.m.13 views

CVE-2026-6094

CVE-2026-6094: Heap buffer overread in wolfSSL wc_PKCS7_DecodeEnvelopedData during parsing of crafted PKCS7 EnvelopedData. Attack via attacker-supplied data in S/MIME or CMS is possible. Documented impact includes potential confidentiality and availability effects; exploitation status and patch d...

9.1CVSS6AI score0.00294EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 4:35 p.m.6 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS6AI score0.00294EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28389)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS7.4AI score0.00805EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2026/06/16 8:7 a.m.4 views

SUSE-SU-2026:2411-1 Security update for openssl-3-livepatches

This update for openssl-3-livepatches fixes the following issues: - CVE-2025-11187: Improper validation of PBMAC1 parameters in PKCS12 MAC verification bsc1256878. - CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing bsc1256876. - CVE-2025-15468: NULL dereference in...

9.8CVSS7AI score0.47621EPSS
Exploits7References10
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:3 a.m.14 views

CMS AuthEnvelopedData Processing May Accept Forged Messages

...

9.1CVSS5.3AI score0.00237EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.15 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

EulerOS Virtualization 2.13.0 : openssl (EulerOS-SA-2026-2412)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...

8.1CVSS9AI score0.01059EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.11 views

openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

9.1CVSS5.4AI score0.00237EPSS
Exploits0References4
OSV
OSV
added 2026/06/11 12:42 p.m.6 views

SUSE-SU-2026:22132-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698. - CVE-2026-7383:...

9.1CVSS6.9AI score0.02719EPSS
Exploits0References24
Rows per page
Query Builder