|
1
|
7.5
-
|
HIGH
Network
|
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)
processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK
cipher can trigger a heap out-of-bounds read in…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9076
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zq 1.1.1zh 3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:45
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
8.1
-
|
HIGH
Network
|
Issue summary: A signed integer overflow when sizing the destination
buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap
buffer overflow.
Impact summary: A heap buffer overflow may…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7383
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zq 1.1.1zh 3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:46
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
8.8
-
|
HIGH
Network
|
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.
Impact summary: A use-after-free may result in process crashes…
|
CWE-416
Use After Free
|
CVE-2026-45447
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zq 1.1.1zh 3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:56
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
4.8
-
|
MEDIUM
Network
|
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV
(RFC 8452) mishandle the authentication of AAD (Additional Authenticated
Data) with an empty ciphertext allowing a forgery of …
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-45446
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:57
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
7.5
-
|
HIGH
Network
|
Issue summary: When an application drives an AES-OCB context through the
public EVP_Cipher() one-shot interface, the application-supplied
initialisation vector (IV) is silently discarded.
Impact sum…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-45445
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:57
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
6.2
-
|
MEDIUM
Local
|
Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an
application to validate a crafted e-mail address, such as during S/MIME
message validation, an out of bounds read can happen.
Imp…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42771
|
cpe:2.3:a:openssl:openssl:4.0.0:-
|
|
|
|
|
2026-06-16 11:57
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
3.7
-
|
LOW
Network
|
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)
peer key, the peer key is not properly checked for the subgroup membership.
Impact summary: A malicious peer which present…
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-42770
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:58
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
5.3
-
|
MEDIUM
Network
|
Issue Summary: An error in the callback used to verify the certificate
provided in a Root CA key update Certificate Management Protocol (CMP)
message response rendered the certificate validation inef…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42769
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.4.0 3.5.0 3.6.0
|
|
|
3.4.6 3.5.7 3.6.3
|
2026-06-16 03:26
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
3.7
-
|
LOW
Network
|
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to
Bleichenbacher-style attack when an attacker is able to provide the CMS or
S/MIME messages and observe the error code and/…
|
CWE-514
Covert Channel
|
CVE-2026-42768
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.4.0 3.5.0 3.6.0
|
|
|
3.4.6 3.5.7 3.6.3
|
2026-06-16 11:58
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
5.9
-
|
MEDIUM
Network
|
Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
server could trigger a NULL pointer dereference in a CMP client application.
Impact summary: A NULL pointer dereference ca…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42767
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 11:58
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|