1572 matches found

Chainguard
added 2026/06/11 1:18 p.m. | 10 views

CVE-2026-45446 vulnerabilities

Vulnerabilities for packages: libcrypto3-2.34, openssl...

CVSS 4.8 | AI score 6.4 | EPSS 0.0021
Exploits: 0

Chainguard
added 2026/06/11 1:18 p.m. | 12 views

CVE-2026-42765 vulnerabilities

Vulnerabilities for packages: libcrypto3-2.34, openssl...

CVSS 7.5 | AI score 6.4 | EPSS 0.00419
Exploits: 0

Chainguard
added 2026/06/11 1:18 p.m. | 10 views

CVE-2026-42770 vulnerabilities

Vulnerabilities for packages: openssl-provider-fips-3.6.0, openssl-provider-fips, openssl-provider-fips-3.1.2, openssl, libcrypto3-2.34...

CVSS 3.7 | AI score 7 | EPSS 0.00259
Exploits: 0

RedhatCVE
added 2026/06/10 1:34 p.m. | 13 views

CVE-2026-42769

A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability...

CVSS 5.9 | AI score 5.1 | EPSS 0.00262
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/10 1:26 p.m. | 9 views

CVE-2026-9076

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

CVSS 7.5 | AI score 5 | EPSS 0.00297
Exploits: 0 | References: 3

Circl
added 2026/06/10 4:55 a.m. | 11 views

CVE-2026-45445

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 04:55:50+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 |
| 2026-06-10 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 |
| 2026-06-23 12:01:24+00:00 | seen | ... |

CVSS 7.5 | AI score 7.1 | EPSS 0.0032
Exploits: 0 | References: 11

Circl
added 2026/06/10 4:55 a.m. | 13 views

CVE-2026-34180

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 04:55:50+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 |
| 2026-06-10 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 |
| 2026-06-16 16:20:37+00:00 | seen | ... |

CVSS 7.5 | AI score 7.1 | EPSS 0.00513
Exploits: 0 | References: 15

Circl
added 2026/06/10 4:55 a.m. | 11 views

CVE-2026-7383

| creationtimestamp | type | source |
|---|---|---|
| 2026-06-10 04:55:50+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 |
| 2026-06-10 20:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 |
| 2026-06-16 06:37:07+00:00 | seen | ... |

CVSS 8.1 | AI score 7.1 | EPSS 0.00358
Exploits: 0 | References: 18

Tenable Nessus
added 2026/06/10 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-42768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME...

CVSS 3.7 | AI score 5.7 | EPSS 0.0035
Exploits: 0 | References: 3

Snyk
added 2026/06/09 6:33 p.m. | 11 views

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value when processing cipher and tag-length fields of CMS AuthEnvelopedData containers. An attacker can bypass message integrity via replay attack. A non AEAD cipher is permitted in...

CVSS 9.1 | AI score 5.3 | EPSS 0.00237
Exploits: 0 | References: 2

Snyk
added 2026/06/09 6:32 p.m. | 7 views

Missing Cryptographic Step

Overview: Affected versions of this package are vulnerable to Missing Cryptographic Step in the AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) provider cipher implementations. An attacker can forge an empty message with arbitrary AAD under a key they do not know, because the expected tag is computed on...

CVSS 8.2 | AI score 5.5 | EPSS 0.0021
Exploits: 0 | References: 2

Snyk
added 2026/06/09 6:32 p.m. | 7 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in kek_unwrap_key in the CMS component. An attacker supplying malicious CMS data can select a stream-mode KEK cipher via the OID in the PWRI keyEncryptionAlgorithm, defeating the block-length minimum-length guard so tha...

CVSS 8.2 | AI score 5.5 | EPSS 0.00297
Exploits: 0 | References: 2

NVD
added 2026/06/09 5:17 p.m. | 22 views

CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

CVSS 8.1 | EPSS 0.00358
Exploits: 0 | References: 6

OSV
added 2026/06/09 5:17 p.m. | 6 views

ALPINE-CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

CVSS 8.1 | AI score 6.3 | EPSS 0.00358
Exploits: 0 | References: 1

NVD
added 2026/06/09 5:17 p.m. | 10 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

CVSS 4.8 | EPSS 0.0021
Exploits: 0 | References: 6

CVE
added 2026/06/09 4:3 p.m. | 73 views

CVE-2026-45446

CVE-2026-45446 concerns OpenSSL implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452). The root cause is that the expected authentication tag is computed only when the decryption function processes non-empty data; if a caller provides AAD and then invokes DecryptFinal without any ciphe...

CVSS 4.8 | AI score 5.7 | EPSS 0.0021
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2026/06/09 4:3 p.m. | 74 views

CVE-2026-7383

The CVE concerns OpenSSL’s ASN1 mbstring handling (functions ASN1_mbstring_copy() and ASN1_mbstring_ncopy()). A signed integer overflow in sizing the destination buffer for Unicode output can cause a heap buffer overflow, potentially crashing a process or enabling attacker-controlled code executi...

CVSS 8.1 | AI score 6.3 | EPSS 0.00358
Exploits: 0 | References: 6 | Affected Software: 1

CNNVD
added 2026/06/09 12:0 a.m. | 8 views

OpenSSL Cryptographic Issue Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 7.4 | AI score 5.8 | EPSS 0.00196
Exploits: 0 | References: 5

Tenable Nessus
added 2026/06/09 12:0 a.m. | 52 views

OpenSSL 4.0.0 < 4.0.1 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 4.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the 4.0.1 advisory. - Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification...

CVSS 9.1 | AI score 7.2 | EPSS 0.02719
Exploits: 0 | References: 56

Tenable Nessus
added 2026/06/09 12:0 a.m. | 9 views

EulerOS 2.0 SP11 : openssl (EulerOS-SA-2026-2221)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the require...

CVSS 8.1 | AI score 8.3 | EPSS 0.00885
Exploits: 0 | References: 5