|
351
|
- |
|
-
|
-
|
Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relation…
New
|
-
|
CVE-2026-11852
|
2026-06-10 19:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)
processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK
cipher can trigger a heap out-of-bounds read in…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9076
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
8.1 |
HIGH
Network
|
-
|
-
|
Issue summary: A signed integer overflow when sizing the destination
buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap
buffer overflow.
Impact summary: A heap buffer overflow may…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-7383
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
4.8 |
MEDIUM
Network
|
-
|
-
|
Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV
(RFC 8452) mishandle the authentication of AAD (Additional Authenticated
Data) with an empty ciphertext allowing a forgery of …
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-45446
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: When an application drives an AES-OCB context through the
public EVP_Cipher() one-shot interface, the application-supplied
initialisation vector (IV) is silently discarded.
Impact sum…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-45445
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an
application to validate a crafted e-mail address, such as during S/MIME
message validation, an out of bounds read can happen.
Imp…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42771
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
3.7 |
LOW
Network
|
-
|
-
|
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)
peer key, the peer key is not properly checked for the subgroup membership.
Impact summary: A malicious peer which present…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-42770
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Issue Summary: An error in the callback used to verify the certificate
provided in a Root CA key update Certificate Management Protocol (CMP)
message response rendered the certificate validation inef…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42769
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
3.7 |
LOW
Network
|
-
|
-
|
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to
Bleichenbacher-style attack when an attacker is able to provide the CMS or
S/MIME messages and observe the error code and/…
New
|
CWE-514
|
CVE-2026-42768
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
server could trigger a NULL pointer dereference in a CMP client application.
Impact summary: A NULL pointer dereference ca…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42767
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
