52 matches found
openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption
A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...
CVE-2026-42767
A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...
EUVD-2026-35484
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
ALPINE-CVE-2026-42767
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
CVE-2026-42767
The CVE-2026-42767 issue affects the OpenSSL CMP client: processing a CRMF CertRepMessage with EncryptedValue where symmAlg has an OID but no parameters can trigger a NULL pointer dereference, crashing the CMP client and enabling DoS. The vulnerability is due to improper handling during CMP respo...
CVE-2026-42767 NULL Pointer Dereference in CRMF EncryptedValue Decryption
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
CVE-2026-42767
Issue summary: An attacker-controlled CMP Certificate Management Protocol server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...
PT-2026-47837
Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur in a CMP client application when processing a crafted CMP response. An attacker controlling a CMP server or acting as a man-in-the-middle can send a CRMF...
step-ca has Unauthenticated Certificate Issuance via SCEP UpdateReq (MessageType=18)
Summary An attacker can force a Step CA SCEP provisioner to create certificates without completing certain protocol authorization checks. Details SCEP requests carry a message type. On receipt of a SCEP request, Step CA starts processing it by parsing its contents. Message types that were...
PUB-A-422442679
In ssDecodeLcsAssistDataReqMsgvoid of ssLcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-63288
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service...
EUVD-2015-5357
Malware in sbrugna...
CVE-2021-35074
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...
UBUNTU-CVE-2024-42861
An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted PdelayReq message to the time synchronization function...
Callback Widget Cross-Site Scripting Vulnerability
PHPJabbers Callback Widget is a simple PHP script that places a discreet callback button on a website. A cross-site scripting vulnerability exists in PHPJabbers Callback Widget version v1.0, which stems from cross-site scripting XSS in the value-text-osmsemailrequestmessage parameter of ndex.php...
PT-2023-25530 · Phpjabbers · Phpjabbers Callback Widget
Name of the Vulnerable Software and Affected Versions: PHPJabbers Callback Widget version 1.0 Description: There is a Cross Site Scripting XSS issue in the value-text-o sms email request message parameters of index.php. This allows for potential malicious script execution. Recommendations: For...
CVE-2022-40536
Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network...
CVE-2022-33264
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...
CVE-2022-33264 Stack-based buffer overflow in Modem
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message...