CVE-2026-42770

A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX X9.42 peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This...

CVE-2026-42769

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

CVE-2026-42768

A flaw was found in OpenSSL's CMSdecrypt and PKCS7decrypt functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME...

CVE-2026-42767

A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol CMP server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format CRMF CertRepMessage with a specific malformed EncryptedValue...

CVE-2026-42764

A flaw was found in the OpenSSL QUIC Quick UDP Internet Connections server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server...

CVE-2026-45446

A flaw was found in OpenSSL. The implementations of AES-SIV Advanced Encryption Standard - SIV and AES-GCM-SIV Advanced Encryption Standard - Galois/Counter Mode - SIV incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages...

CVE-2026-42766

A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax CMS decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional...

CVE-2026-9076

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

CVE-2026-34180

A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an...

CVE-2026-45445

A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface EVPCipher will have their provided Initialization Vector IV silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the...

CVE-2026-34183

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

CVE-2026-7383

A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application ...

CVE-2026-34182

A flaw was found in OpenSSL's Cryptographic Message Services CMS AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity...

MGASA-2026-0189 Updated libssh packages fix security vulnerabilities

CVE-2025-4877 Write beyond bounds in binary to base64 conversion functions CVE-2025-4878 Use of uninitialized variable in privatekeyfromfile CVE-2025-5318 Likely read beyond bounds in sftp server handle management CVE-2025-5351 Double free in functions exporting keys CVE-2025-5372 sshkdf returns ...

CVE-2026-42765

creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611...

CVE-2026-34180

creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 2026-06-16 16:20:37+00:00| seen|...

CVE-2026-7383

creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 2026-06-16 06:37:07+00:00| seen|...

CVE-2026-45445

creationtimestamp| type| source ---|---|--- 2026-06-10 04:55:50+00:00| seen| https://www.acn.gov.it/portale/w/risolte-vulnerabilita-in-openssl-1 2026-06-10 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/openssl-multiple-vulnerabilities20260611 2026-06-23 12:01:24+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2026-42764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation...

EulerOS 2.0 SP13 : openssl (EulerOS-SA-2026-2306)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData messagex000D with KeyAgreeRecipientInfo a NULL pointer dereference can happen.x00...