Lucene search
K

63134 matches found

OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-219 Null pointer deference in openssl-src

Server or client applications that call the SSLcheckchain function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signaturealgorithmscert" TLS extension. The crash occurs if an invalid or unrecognised signature algorithm i...

7.5CVSS6.2AI score0.53336EPSS
Exploits2References42
OSV
OSV
added 2026/04/27 6:33 p.m.8 views

JLSEC-2026-222 Integer Overflow in openssl-src

The OpenSSL public API function X509issuerandserialhash attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field which might occur if the...

5.9CVSS6.3AI score0.07471EPSS
Exploits0References30
OSV
OSV
added 2026/04/27 6:33 p.m.7 views

JLSEC-2026-274 Issue summary: During processing of a crafted CMS EnvelopedData message with...

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References8
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-257 Issue summary: If an application using the SSL_CIPHER_find() function in a QUIC protocol client...

Issue summary: If an application using the SSLCIPHERfind function in a QUIC protocol client or server receives an unknown cipher suite from the peer, a NULL dereference occurs. Impact summary: A NULL pointer dereference leads to abnormal termination of the running process causing Denial of Servic...

5.9CVSS5.3AI score0.00748EPSS
Exploits1References7
OSV
OSV
added 2026/04/27 6:33 p.m.9 views

JLSEC-2026-255 Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation which can trigger a...

Issue summary: PBMAC1 parameters in PKCS12 files are missing validation which can trigger a stack-based buffer overflow, invalid pointer or NULL pointer dereference during MAC verification. Impact summary: The stack buffer overflow or NULL pointer dereference may cause a crash leading to Denial o...

6.1CVSS8.3AI score0.00515EPSS
Exploits1References7
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-265 Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference in the...

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...

7.5CVSS7.9AI score0.00844EPSS
Exploits1References8
OSV
OSV
added 2026/04/27 6:33 p.m.9 views

JLSEC-2026-247 Null pointer dereference in PKCS12 parsing

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates...

5.5CVSS5.4AI score0.03174EPSS
Exploits0References17
OSV
OSV
added 2026/04/27 6:33 p.m.6 views

JLSEC-2026-270 Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS...

Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...

5.3CVSS7.7AI score0.00502EPSS
Exploits1References8
OSV
OSV
added 2026/04/27 6:33 p.m.10 views

JLSEC-2026-269 Issue summary: An invalid or NULL pointer dereference can happen in an application processing a...

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

5.5CVSS6.5AI score0.00144EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2026/04/27 4:59 p.m.5 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35328: infinite loop when handling supported versions TLS extension bsc1261712. CVE-2026-35329: null pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA...

9.2CVSS5.2AI score
Exploits6References28
RedHat Linux
RedHat Linux
added 2026/04/27 2:55 p.m.10 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/27 5:41 a.m.5 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/27 5:38 a.m.6 views

freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()

A null pointer dereference has been discovered in FreeRDP. A NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0...

7.5CVSS5.3AI score0.00467EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/27 5:38 a.m.9 views

Important: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.8CVSS5.8AI score0.00656EPSS
Exploits5References10
EUVD
EUVD
added 2026/04/27 12:0 a.m.6 views

EUVD-2026-25899

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

5.3AI score0.00407EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.34 views

CVE-2026-31256

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

0.00407EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/27 12:0 a.m.8 views

Mercury MIPC252W 安全漏洞

The Mercury MIPC252W is a high-definition network monitoring camera from the China Mercury company, capable of wireless connectivity. The version MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n contains a security vulnerability. This vulnerability arises from the RTSP service improperly verifying...

7.5CVSS5.8AI score0.00407EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35507

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

5.3AI score0.00407EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:0 a.m.3 views

CVE-2026-31256

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

5.3AI score0.00407EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/27 12:0 a.m.9 views

CVE-2026-31256

A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is...

5.3AI score0.00407EPSS
Exploits1References1
Rows per page
Query Builder