Lucene search
K

13 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/06/25 8:16 p.m.5 views

CVE-2026-6678

Integer underflow in wcPKCS7DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption...

5.3CVSS5.8AI score0.0019EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.10 views

CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

8CVSS6.2AI score0.00175EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/04/11 8:2 a.m.5 views

Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo

...

7.5CVSS5.8AI score0.00805EPSS
Exploits0
NVD
NVD
added 2026/04/09 11:17 p.m.12 views

CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

8CVSS0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 11:17 p.m.6 views

DEBIAN-CVE-2026-5295

A stack buffer overflow exists in wolfSSL's PKCS7 implementation in the wcPKCS7DecryptOri function in wolfcrypt/src/pkcs7.c. When processing a CMS EnvelopedData message containing an OtherRecipientInfo ORI recipient, the function copies an ASN.1-parsed OID into a fixed 32-byte stack buffer...

8CVSS5.7AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 10:53 p.m.20 views

CVE-2026-5295

The CVE describes a stack buffer overflow in wolfSSL’s PKCS7 code (wc_PKCS7_DecryptOri() in wolfcrypt/src/pkcs7.c) when handling CMS EnvelopedData with an OtherRecipientInfo (ORI) recipient. A parsed OID longer than 32 bytes is copied into a fixed 32-byte stack buffer (oriOID[MAX_OID_SZ]) without...

8CVSS6.3AI score0.00175EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.9 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the US company wolfSSL, designed for developers working with embedded systems. There is a security vulnerability in wolfSSL, which stems from the PKCS7 implementation in the wcPKCS7DecryptOri function. This...

8CVSS6AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 12:0 a.m.3 views

UBUNTU-CVE-2026-28389

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denial of...

7.5CVSS5.4AI score0.00805EPSS
Exploits0References5
OSV
OSV
added 2021/01/26 6:15 p.m.2 views

CVE-2020-23447

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office"...

6.1CVSS6.3AI score0.0066EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/01/26 5:15 p.m.17 views

CVE-2020-23447

newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settle. Users only need to write xss payload in their address information when buying goods, which is triggered when viewing the "View Recipient Information" of this order in "Order Management Office"...

6AI score0.0066EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/01/26 12:0 a.m.10 views

newbee-mall 跨站脚本漏洞

newbee-mall is an e-commerce system. A cross-site scripting vulnerability exists in newbee-mall 1.0, where a user only needs to write an xss payload in the address information when purchasing a product, and the vulnerability is triggered when viewing the "View Recipient Information" of the order ...

6.1CVSS6.2AI score0.0066EPSS
Exploits1References2
Rows per page
Query Builder