|
11
|
5.9
-
|
MEDIUM
Network
|
Issue summary: A specially crafted password-encrypted CMS message
can trigger a NULL pointer dereference during CMS decryption.
Impact summary: This NULL pointer dereference leads to an application …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42766
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zq 1.1.1zh 3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 03:25
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
7.5
-
|
HIGH
Network
|
Issue summary: When a partial-chain certificate verification is enabled
together with OCSP response checking for the whole chain, a NULL dereference
will happen if the verified chain does not have a …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42765
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.6.0
|
|
|
3.6.3
|
2026-06-16 03:14
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
7.5
-
|
HIGH
Network
|
Issue summary: Receiving a QUIC initial packet with an invalid token may
trigger a NULL pointer dereference in the OpenSSL QUIC server with
address validation disabled.
Impact summary: NULL pointer …
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42764
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.5.0 3.6.0
|
|
|
3.5.7 3.6.3
|
2026-06-16 03:25
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
5.0
-
|
MEDIUM
Network
|
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering
a crafted response through the status_request extension, triggering a
double-free in the client's certificate verificatio…
|
CWE-415
Double Free
|
CVE-2026-35188
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.6.0
|
|
|
3.6.3
|
2026-06-16 03:12
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
7.5
-
|
HIGH
Network
|
Issue summary: Remote peer may exhaust heap memory of the QUIC
server or client by flooding it with packets containing PATH_CHALLENGE
frames.
Impact summary: A malicious remote peer can cause an unb…
|
CWE-1325
Improperly Controlled Sequential Memory Allocation
|
CVE-2026-34183
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.4.0 3.5.0 3.6.0
|
|
|
3.4.6 3.5.7 3.6.3
|
2026-06-16 03:12
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
9.1
-
|
CRITICAL
Network
|
Issue Summary: Cryptographic Message Services (CMS) processing fails to perform
sufficient input validation on the cipher and tag length fields of
AuthEnvelopedData containers, leading to various pot…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-34182
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 03:13
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
7.4
-
|
HIGH
Network
|
Issue Summary: The PKCS#12 file processing fails to perform sufficient input
validation for files that use Password-Based Message Authentication Code 1
(PBMAC1) integrity mechanism allowing a certifi…
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-34181
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
3.4.0 3.5.0 3.6.0
|
|
|
3.4.6 3.5.7 3.6.3
|
2026-06-16 03:13
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
7.5
-
|
HIGH
Network
|
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platfo…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34180
|
cpe:2.3:a:openssl:openssl:4.0.0:- cpe:2.3:a:openssl:openssl:*:*
|
1.0.2 1.1.1 3.0.0 3.4.0 3.5.0 3.6.0
|
|
|
1.0.2zq 1.1.1zh 3.0.21 3.4.6 3.5.7 3.6.3
|
2026-06-16 03:13
2026-06-10
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
7.5
-
|
HIGH
Network
|
Issue summary: Applications using RSASVE key encapsulation to establish
a secret encryption key can send contents of an uninitialized memory buffer to
a malicious peer.
Impact summary: The uninitial…
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-31790
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.3.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
|
2026-04-24 00:39
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
9.8
-
|
CRITICAL
Network
|
Issue summary: Converting an excessively large OCTET STRING value to
a hexadecimal string leads to a heap buffer overflow on 32 bit platforms.
Impact summary: A heap buffer overflow may lead to a cr…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31789
|
cpe:2.3:a:openssl:openssl:*:*
|
3.0.0 3.3.0 3.4.0 3.5.0 3.6.0
|
|
|
3.0.20 3.3.7 3.4.5 3.5.6 3.6.2
|
2026-04-24 00:39
2026-04-8
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|