Lucene search
+L

1293 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/09 4:3 p.m.2 views

CVE-2026-39856

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS6AI score0.00143EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/09 4:3 p.m.3 views

CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When processing PE sections for page hashing, the function uses...

5.5CVSS6AI score0.00143EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 3:58 p.m.6 views

EUVD-2026-20944

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 3:58 p.m.14 views

CVE-2026-39855

osslsigncode prior to 2.13 contains an integer underflow in the PE page-hash calculation (pe_page_hash_calc). If SizeOfHeaders (hdrsize) > SectionAlignment (pagesize), hdrsize is subtracted from pagesize without validation, producing a large unsigned length. The code allocates a zero-filled bu...

5.5CVSS6.1AI score0.00143EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/09 3:58 p.m.21 views

CVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash computation code pepagehashcalc. When page hash processing is performed on a PE file, the function...

5.5CVSS0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/09 3:50 p.m.7 views

CVE-2026-39853

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS6.2AI score0.00163EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/09 3:50 p.m.20 views

CVE-2026-39853

osslsigncode contains a stack buffer overflow in its signature verification paths (PE, MSI, CAB, script) when verifying PKCS#7 signatures. During digest copy from SpcIndirectDataContent into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes), the code does not validate the source length...

7.8CVSS6.2AI score0.00163EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.9 views

PT-2026-31643

osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS7 signature, the code copies the digest value from a parsed...

7.8CVSS6.2AI score0.00163EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.12 views

osslsigncode 缓冲区错误漏洞

Osslsigncode is a small tool developed by Michał Trojnara as an individual developer. It implements some functions of the Microsoft tool signtool.exe. Versions of Osslsigncode prior to 2.13 contained a buffer error vulnerability. This vulnerability stemmed from the PE page hash calculation code; ...

5.5CVSS6AI score0.00143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-39855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an integer underflow vulnerability exists in osslsigncode version...

5.5CVSS6AI score0.00143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-39856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of- bounds read vulnerability exists in osslsigncode version...

5.5CVSS5.9AI score0.00143EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/03 12:0 a.m.9 views

Security update for osslsigncode (critical)

openSUSE Security Update: Security update for osslsigncode Announcement ID: openSUSE-SU-2026:0115-1 Rating: critical References: 1260680 Cross-References: CVE-2025-70888 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description: This...

9.8CVSS6.2AI score0.00482EPSS
Exploits0References1
Metasploit
Metasploit
added 2026/04/02 7:2 p.m.178 views

HTTP Fetch, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTP server. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/http/x86/peinject/reversetcpallports msf payloadreversetcpallports show actions ...actions... msf payloadreversetcpallports s...

6AI score
Exploits0
F5 Networks
F5 Networks
added 2026/02/24 7:47 p.m.10 views

K000160136: Binutils vulnerability CVE-2025-66863

Security Advisory Description An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. CVE-2025-66863 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisor...

7.5CVSS5.5AI score0.00323EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/01/30 5:15 p.m.200 views

ShellExploit

This project is no longer supported PowerSploit is a col...

6.1AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/12/31 12:23 a.m.6 views

SUSE CVE-2025-66862

A buffer overflow vulnerability in function gnuspecial in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

7.5CVSS7.1AI score0.00318EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/31 12:23 a.m.3 views

SUSE CVE-2025-66863

An issue was discovered in function ddiscriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

7.5CVSS6.8AI score0.00323EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2025/12/31 12:23 a.m.4 views

SUSE CVE-2025-66866

An issue was discovered in function dabitags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

7.5CVSS6.8AI score0.00279EPSS
Exploits2References3
RedhatCVE
RedhatCVE
added 2025/12/30 12:58 p.m.12 views

CVE-2025-66861

A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger an out-of-bounds read in the dunqualifiedname function in the cp-demangle.c file, causing a crash and resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the...

3.3CVSS6AI score0.00123EPSS
Exploits1References4
EUVD
EUVD
added 2025/12/29 6:30 p.m.3 views

EUVD-2025-205614

An issue was discovered in function dprintcompinner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

6.2AI score0.00204EPSS
Exploits1References2
Rows per page
Query Builder