Lucene search
+L

52 matches found

RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.12 views

openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 1:34 p.m.12 views

CVE-2026-42767

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

5.9CVSS5.4AI score0.00349EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.22 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References7
OSV
OSV
added 2026/06/09 5:17 p.m.11 views

ALPINE-CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 4:3 p.m.3 views

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS7.1AI score0.00349EPSS
Exploits0References8
CVE
CVE
added 2026/06/09 4:3 p.m.49 views

CVE-2026-42767

The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...

5.9CVSS5.6AI score0.00349EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.37 views

CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

0.00349EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.9 views

CVE-2026-42767

Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9CVSS5.5AI score0.00349EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47837

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...

7.5CVSS5.5AI score0.00513EPSS
Exploits0References123
Github Security Blog
Github Security Blog
added 2026/03/19 4:27 p.m.10 views

step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)

Summary An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks. Details SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...

10CVSS6.4AI score0.00296EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/12/01 12:0 a.m.12 views

PUB-A-422442679

In ssDecodeLcsAssistDataReqMsgvoid of ssLcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8CVSS7.3AI score0.0011EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/10 12:0 a.m.13 views

CVE-2025-63288

In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service...

0.0031EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2015-5357

Malware in sbrugna...

7.5CVSS7.6AI score0.02311EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/06 3:13 a.m.7 views

CVE-2021-35074

Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

8.4CVSS7.3AI score0.00188EPSS
Exploits0References1
OSV
OSV
added 2024/09/23 9:15 p.m.7 views

UBUNTU-CVE-2024-42861

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...

7.5CVSS5.8AI score0.01557EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.5 views

Callback Widget Cross-Site Scripting Vulnerability

PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A cross-site scripting vulnerability exists in PHPJabbers Callback Widget version v1.0, which stems from cross-site scripting XSS in the value-text-osmsemailrequestmessage parameter of ndex.php...

6.1CVSS6AI score0.00388EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/10 12:0 a.m.7 views

PT-2023-25530 · Phpjabbers · Phpjabbers Callback Widget

Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting XSS issue in the value-text-o sms email request message parameters of index.php. This allows for potential malicious script execution. Recommendations: For...

6.1CVSS6.1AI score0.00388EPSS
Exploits0References7
NVD
NVD
added 2023/06/06 8:15 a.m.25 views

CVE-2022-40536

Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network...

7.5CVSS7.6AI score0.00399EPSS
Exploits0References1
NVD
NVD
added 2023/06/06 8:15 a.m.24 views

CVE-2022-33264

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...

7.9CVSS8.2AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/06 7:38 a.m.42 views

CVE-2022-33264 Stack-based buffer overflow in Modem

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...

7.9CVSS8.4AI score0.00115EPSS
Exploits0References1
Rows per page
Query Builder