
11 matches found

SUSE CVE
added 2026/06/13 2:29 a.m. | 14 views

SUSE CVE-2026-9076

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

CVSS: 3.7 | AI score: 5.7 | EPSS: 0.00297
Exploits: 0 | References: 20
Tenable Nessus
added 2026/06/10 12:0 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-9076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00297
Exploits: 0 | References: 3
EUVD
added 2026/06/09 6:31 p.m. | 20 views

EUVD-2026-35475

Issue summary: When CMS password-based decryption RFC 3211 / PWRI key unwrap processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kekunwrapkey. Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00297
Exploits: 0 | References: 7
Vulnrichment
added 2026/06/09 4:3 p.m. | 8 views

CVE-2026-42766 Possible NULL Dereference in Password-Based CMS Decryption

Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application crash and a Denial of Service. The CMS PasswordRecipientInfo.keyDerivationAlgorithm field is define...

AI score: 5.5 | EPSS: 0.00595
Exploits: 0 | References: 6
Positive Technologies
added 2026/06/09 12:0 a.m. | 11 views

PT-2026-47836

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur during the decryption of password-encrypted Cryptographic Message Syntax CMS messages. The issue arises because the OpenSSL CMS implementation dereference...

CVSS: 9.1 | AI score: 5.5 | EPSS: 0.02719
Exploits: 0 | References: 139
RedHat Linux
added 2026/05/19 9:12 a.m. | 11 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01744
Exploits: 0 | References: 4
RedHat Linux
added 2026/01/15 4:5 p.m. | 3 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

CVSS: 7.5 | AI score: 6 | EPSS: 0.01744
Exploits: 0 | References: 4
Tenable Nessus
added 2026/01/15 12:0 a.m. | 6 views

EulerOS 2.0 SP12 : openssl (EulerOS-SA-2026-1096)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and writ...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.01744
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/12/12 2:2 p.m. | 5 views

Security Bulletin: IBM i is affected by an out-of-bounds read and write in OpenSSL [CVE-2025-9230]

Summary OpenSSL for IBM i is vulnerable to an out-of-bounds read and write when decrypting CMS messages encrypted using password based encryption CVE-2025-9230 as described in the vulnerability details section. Vulnerability Details CVEID:CVE-2025-9230 DESCRIPTION: Issue summary: An application...

CVSS: 7.5 | AI score: 7 | EPSS: 0.01744
Exploits: 0 | Affected Software: 6
Tenable Nessus
added 2025/10/15 12:0 a.m. | 5 views

Amazon Linux 2 : edk2, --advisory ALAS2-2025-3022 (ALAS-2025-3022)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3022 advisory. Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a cra...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01744
Exploits: 0 | References: 4
NVD
added 2025/09/30 2:15 p.m. | 4 views

CVE-2025-9230

Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a...

CVSS: 7.5 | EPSS: 0.01744
Exploits: 0 | References: 16