|
21
|
7.5
-
|
HIGH
Network
|
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyTransportRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-contr…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28390
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.3.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zp 1.1.1zg 3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
|
2026-04-24 00:39
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
7.5
-
|
HIGH
Network
|
Issue summary: During processing of a crafted CMS EnvelopedData message
with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
Impact summary: Applications that process attacker-controlle…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28389
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.3.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zp 1.1.1zg 3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
|
2026-04-24 00:40
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
7.5
-
|
HIGH
Network
|
Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
is processed a NULL pointer dereference might happen if the required CRL
Number extension is missing.
Impact summary: A …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28388
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.3.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zp 1.1.1zg 3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
|
2026-04-24 00:40
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
8.1
-
|
HIGH
Network
|
Issue summary: An uncommon configuration of clients performing DANE TLSA-based
server authentication, when paired with uncommon server DANE TLSA records, may
result in a use-after-free and/or double-…
|
CWE-416
Use After Free
|
CVE-2026-28387
|
cpe:2.3:a:openssl:openssl:*:*
|
1.1.1 3.0.0 3.3.0 3.4.0 3.5.0 3.6.0
|
|
|
1.1.1zg 3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
|
2026-04-24 00:39
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
9.1
-
|
CRITICAL
Network
|
Issue summary: Applications using AES-CFB128 encryption or decryption on
systems with AVX-512 and VAES support can trigger an out-of-bounds read
of up to 15 bytes when processing partial cipher block…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-28386
|
cpe:2.3:a:openssl:openssl:*:*
|
3.6.0
|
|
|
3.6.2
|
2026-04-25 03:28
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
5.5
-
|
MEDIUM
Local
|
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack
Impact summary: Applications loading files in the PKCS12 forma…
|
NVD-CWE-noinfo
|
CVE-2024-0727
|
cpe:2.3:a:openssl:openssl:3.2.0:- cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.1.0
|
|
|
1.0.2zj 1.1.1x 3.0.13 3.1.5
|
2024-11-21 17:47
2024-01-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
6.5
-
|
MEDIUM
Network
|
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications running
on PowerPC CPU based platforms if the CPU pro…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-6129
|
cpe:2.3:a:openssl:openssl:3.2.0:* cpe:2.3:a:openssl:openssl:*:*
|
3.1.0 3.0.0
|
3.1.4 3.0.12
|
|
|
2024-11-21 17:43
2024-01-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
5.3
-
|
MEDIUM
Network
|
Issue summary: Generating excessively long X9.42 DH keys or checking
excessively long X9.42 DH keys or parameters may be very slow.
Impact summary: Applications that use the functions DH_generate_ke…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2023-5678
|
cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.1.0
|
|
|
1.0.2zj 1.1.1x 3.0.13 3.1.5
|
2024-11-21 17:42
2023-11-7
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
7.5
-
|
HIGH
Network
|
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths. This can lead to potential truncation
or overruns during the initialisation of some symmetri…
|
NVD-CWE-noinfo
|
CVE-2023-5363
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.1.0
|
|
|
3.0.12 3.1.4
|
2024-11-21 17:41
2023-10-26
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
7.8
-
|
HIGH
Local
|
Issue summary: The POLY1305 MAC (message authentication code) implementation
contains a bug that might corrupt the internal state of applications on the
Windows 64 platform when running on newer X86_…
|
NVD-CWE-noinfo
|
CVE-2023-4807
|
cpe:2.3:a:openssl:openssl:*:*
|
3.1.0 3.0.0 1.1.1
|
|
|
3.1.3 3.0.11 1.1.1w
|
2024-11-21 17:36
2023-09-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|