1572 matches found
CVE-2026-45446 vulnerabilities
Vulnerabilities for packages: libcrypto3-2.34, openssl...
CVE-2026-42765 vulnerabilities
Vulnerabilities for packages: libcrypto3-2.34, openssl...
CVE-2026-42770 vulnerabilities
Vulnerabilities for packages: openssl-provider-fips-3.6.0, openssl-provider-fips, openssl-provider-fips-3.1.2, openssl, libcrypto3-2.34...
CVE-2026-42769
A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...
CVE-2026-9076
A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...
CVE-2026-45445
creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 2026-06-23 12:01:24+00:00| seen|...
CVE-2026-34180
creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 2026-06-16 16:20:37+00:00| seen|...
CVE-2026-7383
creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 2026-06-16 06:37:07+00:00| seen|...
Linux Distros Unpatched Vulnerability : CVE-2026-42768
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The CMSdecrypt and PKCS7decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...
Missing Cryptographic Step
Overview Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 provider cipher implementations. An attacker can forge an empty message with arbitrary AAD under a key they do not know, because the expected tag is computed on...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in kekunwrapkey in the CMS component. An attacker supplying malicious CMS data can select a stream-mode KEK cipher via the OID in the PWRI keyEncryptionAlgorithm, defeating the block-length minimum-length guard so tha...
CVE-2026-7383
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...
ALPINE-CVE-2026-7383
Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...
CVE-2026-45446
Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...
CVE-2026-45446
CVE-2026-45446 concerns OpenSSL implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452). The root cause is that the expected authentication tag is computed only when the decryption function processes non-empty data; if a caller provides AAD and then invokes DecryptFinal without any ciphe...
CVE-2026-7383
The CVE concerns OpenSSL’s ASN1 mbstring handling (functions ASN1_mbstring_copy() and ASN1_mbstring_ncopy()). A signed integer overflow in sizing the destination buffer for Unicode output can cause a heap buffer overflow, potentially crashing a process or enabling attacker-controlled code executi...
OpenSSL 加密问题漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
OpenSSL 4.0.0 < 4.0.1 Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 4.0.1 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2026-2221)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the require...