|
751
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Issue Summary: An error in the callback used to verify the certificate
provided in a Root CA key update Certificate Management Protocol (CMP)
message response rendered the certificate validation inef…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42769
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
752
|
3.7 |
LOW
Network
|
-
|
-
|
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to
Bleichenbacher-style attack when an attacker is able to provide the CMS or
S/MIME messages and observe the error code and/…
New
|
CWE-514
|
CVE-2026-42768
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
753
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
server could trigger a NULL pointer dereference in a CMP client application.
Impact summary: A NULL pointer dereference ca…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42767
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
754
|
5.9 |
MEDIUM
Network
|
-
|
-
|
Issue summary: A specially crafted password-encrypted CMS message
can trigger a NULL pointer dereference during CMS decryption.
Impact summary: This NULL pointer dereference leads to an application …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42766
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
755
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: When a partial-chain certificate verification is enabled
together with OCSP response checking for the whole chain, a NULL dereference
will happen if the verified chain does not have a …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42765
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
756
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: Receiving a QUIC initial packet with an invalid token may
trigger a NULL pointer dereference in the OpenSSL QUIC server with
address validation disabled.
Impact summary: NULL pointer …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42764
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
757
|
- |
|
-
|
-
|
Issue summary: A malicious server can exploit TLS OCSP stapling by delivering
a crafted response through the status_request extension, triggering a
double-free in the client's certificate verificatio…
New
|
CWE-415
Double Free
|
CVE-2026-35188
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
758
|
7.5 |
HIGH
Network
|
-
|
-
|
Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive
element whose content exceeds 2 gigabytes in length may cause a heap buffer
over-read on 64-bit Unix and Unix-like platfo…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34180
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
759
|
- |
|
-
|
-
|
Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP objec…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-10721
|
2026-06-10 17:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
760
|
- |
|
-
|
-
|
A vulnerability has been found in some Dahua products could
allow an unauthenticated remote attacker to send a specially crafted packet,
triggering an exception that causes the system to reboot unexp…
New
|
CWE-617
Reachable Assertion
|
CVE-2026-29116
|
2026-06-10 16:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
