CVE-2026-50268

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Encryption 4.0.0 through 4.1.0, configuring encrypt:rsa:algorithm=OAEP does not enable OAEP encryption. Due to an incorrect BouncyCastle...

CVE-2026-50268

In Steeltoe, the OAEP misconfiguration affects the package Steeltoe.Configuration.Encryption 4.0.0–4.1.0, where setting encrypt:rsa:algorithm=OAEP does not enable OAEP due to an incorrect BouncyCastle transformation string. As a result, OAEP is effectively PKCS#1 v1.5 padding, the same as DEFAULT...

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

CLSA-2026-1779373661 iperf3: Fix of CVE-2024-26306

CVE-2024-26306: use OAEP padding instead of PKCS1 padding for OpenSSL to address timing side-channel in RSA authentication. Note: peers running patched and unpatched iperf3 will fail to authenticate unless the legacy behavior is explicitly opted into via --use-pkcs1-padding on both ends...

CLSA-2026-1777566580 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

CLSA-2026-1777567430 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

CLSA-2026-1777567181 openssl: Fix of CVE-2026-28390

CVE-2026-28390: fix NULL pointer dereference in rsacmsdecrypt when CMS RSA-OAEP pSourceFunc is missing its parameter...

CLSA-2026-1777541792 Fix CVE(s): CVE-2026-28390

SECURITY UPDATE: NULL dereference in CMS RSA-OAEP decryption when the optional pSourceFunc parameters field is omitted from a KeyTransportRecipientInfo, leading to a denial of service. - debian/patches/CVE-2026-28390.patch: check plab-parameter for NULL before accessing its type field in...

CLSA-2026-1777397374 Fix CVE(s): CVE-2026-28390

SECURITY UPDATE: A NULL pointer dereference in rsacmsdecrypt when processing CMS messages with RSA-OAEP encryption where pSourceFunc is present but its parameters field is absent can trigger a crash, leading to Denial of Service. - debian/patches/CVE-2026-28390.patch: use X509ALGORget0 and...

CLSA-2026-1777393624 Fix CVE(s): CVE-2026-28390

SECURITY UPDATE: NULL dereference in CMS RSA-OAEP decryption when the optional pSourceFunc parameters field is omitted from a KeyTransportRecipientInfo, leading to a denial of service. - debian/patches/CVE-2026-28390.patch: check plab-parameter for NULL before accessing its type field in...

SUSE CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CVE-2026-28390

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CMSdecrypt function. An attacker can cause a crash by submitting a crafted CMS EnvelopedData message with a missing optional parameters field in the RSA-OAEP SourceFunc algorithm identifier. Notes: - This...

DEBIAN-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

CVE-2026-28390

OpenSSL CVE-2026-28390 describes a NULL pointer dereference when processing CMS EnvelopedData with KeyTransportRecipientInfo using RSA-OAEP, triggered by missing optional RSA-OAEP parameters. The issue allows a crash/Denial of Service when untrusted CMS data is decrypted via CMS_decrypt(). Affect...

PT-2026-31039

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.6 Description Processing a specially crafted CMS EnvelopedData message with KeyTransportRecipientInfo can lead to a NULL pointer dereference. This can cause applications that process attacker-controlled CMS data ...

CVE-2025-68698

Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks. Modern systems should use OAEP Optimal Asymmetric Encryption Padding. This vulnerability is fixed in 2.2...

Security Bulletin: Vulnerabilities in brace-expansion, tmp, urllib3, pycryptodomex and cross-site request forgery might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in brace-expansion, tmp, urllib3, pycryptodomex, and cross-site request forgery. Vulnerabilities include launching remote attacks, arbitrary file and directory writes, obtain sensitive information, disabl...

EUVD-2019-9742

Malware in sbrugna...