Lucene search
K

23341 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-42767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References4
Debian
Debian
added 2026/06/09 9:45 p.m.17 views

[SECURITY] [DSA 6335-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6335-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 09, 2026 https://www.debian.org/security/faq -...

9.1CVSS5.9AI score0.02268EPSS
Exploits0
Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ASN.1 decoder. An attacker can crash the application or cause memory beyond the end of the input buffer to be loaded into the decoded ASN.1 object, by supplying very large input data. Applications that pass...

8.7CVSS5.5AI score0.00513EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.11 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...

9.1CVSS5.3AI score0.00237EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the osslcmsRecipientInfopwricrypt function. An attacker who supplies a malicious password-encrypted CMS message can crash an application, because the PasswordRecipientInfo.keyDerivationAlgorithm field is...

8.7CVSS5.3AI score0.00595EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.8 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in PBMAC1PBKDF2HMAC. A user can craft an unencrypted PKCS12 file that uses PBMAC1 authentication specifying a one-byte HMAC key, causing a service that authenticates incoming files by passwor...

7.4CVSS5.3AI score0.00196EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:33 p.m.6 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-OCB provider when an application uses the EVPCipher interface. The handler silently discards the IV, so every message under a given key runs with the all-zero offset state, causing nonce reuse. If...

9.1CVSS5.3AI score0.0032EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.7 views

Missing Cryptographic Step

Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 provider cipher implementations. An attacker can forge an empty message with arbitrary AAD under a key they do not know, because the expected tag is computed on...

8.2CVSS5.5AI score0.0021EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.6 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...

8.8CVSS6.2AI score0.02268EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in OSSLCRMFENCRYPTEDVALUEdecrypt. An attacker in a MitM position can return a CRMF CertRepMessage whose EncryptedValue carries a symmAlg field with an algorithm OID but no parameters, dereferencing NULL when the...

8.2CVSS5.3AI score0.00349EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/09 6:32 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in kekunwrapkey in the CMS component. An attacker supplying malicious CMS data can select a stream-mode KEK cipher via the OID in the PWRI keyEncryptionAlgorithm, defeating the block-length minimum-length guard so tha...

8.2CVSS5.5AI score0.00297EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:31 p.m.11 views

EUVD-2026-35474

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS6.3AI score0.00358EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 6:31 p.m.17 views

EUVD-2026-35475

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

7.5CVSS5.7AI score0.00297EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35491

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

9.8CVSS5.9AI score0.02268EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35488

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

6.2CVSS5.5AI score0.0019EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2026/06/09 6:29 p.m.35 views

USN-8414-2: OpenSSL vulnerabilities

USN-8414-1 fixed several vulnerabilities in OpenSSL. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An...

9.1CVSS6.1AI score0.02268EPSS
Exploits0
NVD
NVD
added 2026/06/09 5:17 p.m.19 views

CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS0.00358EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 5:17 p.m.4 views

ALPINE-CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS6.3AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

4.8CVSS0.0021EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 5:17 p.m.6 views

ALPINE-CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

4.8CVSS5.7AI score0.0021EPSS
Exploits0References1
Rows per page
Query Builder