Lucene search
K

31585 matches found

Snyk
Snyk
added 2026/04/07 11:9 p.m.4 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a specially crafted CMS EnvelopedData message with a missing optional parameters field in the KeyEncryptionAlgorithmIdentifier, leading to ...

8.2CVSS5.8AI score0.00805EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 10:16 p.m.4 views

CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS0.00805EPSS
Exploits0References8
OSV
OSV
added 2026/04/07 10:16 p.m.3 views

DEBIAN-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.3AI score0.00805EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 10:16 p.m.3 views

ALPINE-CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

7.5CVSS6.2AI score0.00885EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 10:0 p.m.29 views

CVE-2026-28389

CVE-2026-28389 describes a NULL pointer dereference in OpenSSL when processing CMS EnvelopedData with KeyAgreeRecipientInfo. If the optional parameters field of KeyEncryptionAlgorithmIdentifier is missing, a NULL dereference can occur, potentially causing DoS via crash during CMS_decrypt() on unt...

7.5CVSS6AI score0.00805EPSS
Exploits0References8Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.8 views

CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS6AI score0.00805EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/07 10:0 p.m.4 views

CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

7.5CVSS6AI score0.00885EPSS
Exploits0
CVE
CVE
added 2026/04/07 10:0 p.m.37 views

CVE-2026-28388

CVE-2026-28388 describes a NULL pointer dereference in OpenSSL delta-CRL processing when the CRL Number extension is missing. Exploitation requires enabling X509_V_FLAG_USE_DELTAS and the presence of a freshestCRL or EXFLAG_FRESHEST; processing a malformed delta CRL can crash an application, caus...

7.5CVSS6.3AI score0.00885EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/07 6:52 p.m.2 views

SUSE-SU-2026:21062-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/07 3:52 p.m.1 views

NULL Pointer Dereference

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to NULL Pointer Dereference in the clipboard.readImage function when processing malformed clipboard image data...

5CVSS5.9AI score0.00144EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/07 2:57 p.m.2 views

CVE-2026-5745

A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archiveaclfromtextnl function. When processing a malformed ACL string such as a bare "d" or "default" tag without subsequent fields, the function fails to perform...

5.5CVSS5.4AI score0.00163EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/07 12:25 p.m.6 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.5AI score0.00656EPSS
Exploits5References15
OSV
OSV
added 2026/04/07 11:9 a.m.5 views

SUSE-SU-2026:21031-1 Security update for expat

This update for expat fixes the following issues: - CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value bsc1259726. - CVE-2026-32777: denial of service due to infinite loop in DTD content parsing bsc1259711. - CVE-2026-3277...

5.5CVSS5.8AI score0.00216EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/04/07 7:47 a.m.8 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.8AI score0.00467EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-28388

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number...

7.5CVSS8.1AI score0.00885EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.6 views

OpenSSL 安全漏洞

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...

7.5CVSS7.3AI score0.00885EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.7 views

VMware Workstation 17.x, 25H2 < 25H2u1 NULL Pointer Dereference (VMSA-2026-0002)

The version of VMware Workstation installed on the remote host is 17.x, 25H2.x prior to 25H2u1. It is, therefore, affected by a vulnerability: - A malicious actor with authenticated user privileges on a Windows based Workstation host may be able to cause a null pointer dereference error...

6.1CVSS5.9AI score0.00148EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-28389

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary:...

7.5CVSS7.8AI score0.00805EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 12:0 a.m.9 views

UBUNTU-CVE-2026-28388

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

7.5CVSS6AI score0.00885EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.3 views

OpenSSL Security Advisory 20260407

OpenSSL Security Advisory 20260407 - Applications using RSASVE key encapsulation to establish a secret encryption key can send contents of an uninitialized memory buffer to a malicious peer. Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigge...

7.5CVSS6.1AI score0.00981EPSS
Exploits0
Rows per page
Query Builder