Lucene search
K

442 matches found

RedHat Linux
RedHat Linux
added yesterday8 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added yesterday7 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added yesterday4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
OSV
OSV
added last week6 views

GHSA-V3Q9-HJ7J-63HQ aiosmtplib vulnerable to SMTP command injection via CR/LF in sender/recipient address

Summary aiosmtplib's SMTP.mail, SMTP.rcpt, SMTP.vrfy and SMTP.expn send the caller-supplied email address to the server without rejecting embedded CR/LF \r\n bytes. An address that contains a CR/LF is written verbatim onto the SMTP control connection, so the bytes after the CRLF are framed by the...

6.9CVSS6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added last week5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS5.9AI score0.00805EPSS
Exploits0References10
OSV
OSV
added 2026/07/06 8:56 p.m.5 views

CVE-2026-33734 FOSSBilling has improper SQL neutralization in `Massmailer` recipient filters

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a SQL injection vulnerability in the Massmailer module filter functionality. An authenticated administrator can supply crafted filter values when updating a mass email message, causing...

6.9CVSS6AI score0.00218EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/07/06 8:58 a.m.5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS7AI score0.00805EPSS
Exploits0References10
NVD
NVD
added 2026/06/25 9:16 p.m.5 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 p.m.2 views

DEBIAN-CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 9:16 p.m.3 views

UBUNTU-CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 8:16 p.m.13 views

CVE-2026-6678

CVE-2026-6678 affects wolfSSL’s wc_PKCS7_DecryptOri function. A crafted Other Recipient Info triggers an integer underflow, causing incorrect length handling during decryption. Impact is described as decryption length mismanagement; no explicit exploitation details are provided in the connected d...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:16 p.m.5 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:16 p.m.5 views

EUVD-2026-39558

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

1CVSS5.8AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 8:16 p.m.24 views

CVE-2026-6678 Integer underflow in wc_PKCS7_DecryptOri handling crafted Other Recipient Info

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

1CVSS0.0019EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/25 8:16 p.m.5 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, the RSS notifier allowed path traversal in notify-recipient-uri e.g., rss:///../job.cache, enabling a remote IPP client to write RSS XML bytes outside of CacheDir/r...

6.5CVSS6.6AI score0.00406EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

SUSE SLES12 Security Update : openssl-1_0_0 (SUSE-SU-2026:2396-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2396-1 advisory. This update for openssl-100 fixes the following issues - CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion...

8.8CVSS5.9AI score0.02719EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.6 views

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28390)

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:3 a.m.8 views

Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

...

3.7CVSS5.8AI score0.0035EPSS
Exploits0
Rows per page
Query Builder