
211 matches found

SUSE CVE
added 2026/06/13 2:19 a.m. | 6 views

SUSE CVE-2026-42768

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

CVSS 4.2 | AI score 5.4 | EPSS 0.00351
Exploits: 0 | References: 5
RedHat Linux
added 2026/06/11 1:24 p.m. | 6 views

openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 (Public-Key Cryptography Standards 12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting...

CVSS 7.4 | AI score 5.5 | EPSS 0.00204
Exploits: 0 | References: 4
RedhatCVE
added 2026/06/10 1:26 p.m. | 9 views

CVE-2026-34181

A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS12 (Public-Key Cryptography Standards 12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting...

CVSS 7.4 | AI score 5.2 | EPSS 0.00204
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/10 12:0 a.m. | 17 views

Linux Distros Unpatched Vulnerability : CVE-2026-34181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 (PBMAC1)...

CVSS 7.4 | AI score 5.6 | EPSS 0.00204
Exploits: 0 | References: 3
Snyk
added 2026/06/09 6:33 p.m. | 7 views

Improper Validation of Integrity Check Value

Overview: Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value in PBMAC1_PBKDF2_HMAC. A user can craft an unencrypted PKCS12 file that uses PBMAC1 authentication specifying a one-byte HMAC key, causing a service that authenticates incoming files by passwor...

CVSS 7.4 | AI score 5.3 | EPSS 0.00204
Exploits: 0 | References: 2
NVD
added 2026/06/09 5:17 p.m. | 18 views

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVSS 8.8 | EPSS 0.01409
Exploits: 0 | References: 6
Debian CVE
added 2026/06/09 4:3 p.m. | 7 views

CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

CVSS 8.8 | AI score 5.9 | EPSS 0.01409
Exploits: 0
Vulnrichment
added 2026/06/09 4:3 p.m. | 8 views

CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()

Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to a Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/or decryption output. Impact summary: The Bleichenbacher-style attack allows an attacker to use the...

AI score 5.5 | EPSS 0.00351
Exploits: 0 | References: 5
CVE
added 2026/06/09 4:3 p.m. | 39 views

CVE-2026-42768

The CVE-2026-42768 issue concerns Bleichenbacher-style side-channel attacks against CMS_decrypt() and PKCS7_decrypt() in OpenSSL. The vulnerability arises when processing CMS or S/MIME messages with multiple RecipientInfo entries (KTRI). In variant 1, decryption is attempted without a recipient c...

CVSS 3.7 | AI score 5.5 | EPSS 0.00351
Exploits: 0 | References: 5 | Affected Software: 1
Debian CVE
added 2026/06/09 4:3 p.m. | 15 views

CVE-2026-34181

Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use the Password-Based Message Authentication Code 1 (PBMAC1) integrity mechanism, allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...

CVSS 7.4 | AI score 5.6 | EPSS 0.00204
Exploits: 0
CNNVD
added 2026/06/09 12:0 a.m. | 10 views

OpenSSL Resource Management Error Vulnerability

OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer (SSLv2/v3) and Secure Transport Layer (TLSv1) protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...

CVSS 8.8 | AI score 5.9 | EPSS 0.01409
Exploits: 0 | References: 1
OSV
added 2026/06/06 3:56 a.m. | 5 views

JLSEC-2026-576

A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service...

CVSS 7.5 | AI score 6.4 | EPSS 0.02686
Exploits: 0 | References: 8
Tenable Nessus
added 2026/06/06 12:0 a.m. | 4 views

EulerOS Virtualization 2.13.0 : shim (EulerOS-SA-2026-2190)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impac...

CVSS 7.5 | AI score 6.1 | EPSS 0.00817
Exploits: 1 | References: 2
OSV
added 2026/05/29 3:27 p.m. | 3 views

SUSE-SU-2026:2115-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707). - CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715). - CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS7 unpadding...

CVSS 9.8 | AI score 5.8 | EPSS 0.00992
Exploits: 1 | References: 25
NVD
added 2026/05/26 10:16 p.m. | 18 views

CVE-2026-5260

A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure...

CVSS 8.2 | EPSS 0.00768
Exploits: 0 | References: 7
RedHat Linux
added 2026/05/26 6:51 a.m. | 7 views

gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling

A flaw was found in gnutls. An off-by-one error exists in the PKCS12 bag element bounds check. This vulnerability allows a remote attacker to write past the internal array of a PKCS12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00758
Exploits: 0 | References: 4
AlpineLinux
added 2026/05/25 8:13 p.m. | 17 views

CVE-2026-48850

PuTTY 0.72 before 0.84 has a double free in RSA KEX...

CVSS 5.9 | AI score 5.8 | EPSS 0.0032
Exploits: 0 | References: 2
Fedora
added 2026/05/23 4:1 p.m. | 10 views

[SECURITY] Fedora 42 Update: nss-3.123.1-1.fc42

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security...

AI score 5.8
Exploits: 0
Packet Storm News
added 2026/05/23 12:0 a.m. | 10 views

AI-Driven Adaptive Adversaries and the Erosion of Cryptographic Trust in Public Key Systems

This paper examines the erosion of Public Key Cryptography (PKC) security under adaptive adversarial optimisation driven by artificial intelligence. The problem addressed is the growing mismatch between algorithm-centric cryptographic security models and operational attack realities, where...

AI score 5.8
Exploits: 0
IBM Security Bulletins
added 2026/05/21 3:53 p.m. | 17 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details: CVEID: CVE-2025-11187...

CVSS 8.8 | AI score 7.5 | EPSS 0.48666
Exploits: 8 | Affected Software: 1