161337 matches found
CVE-2026-42771
CVE-2026-42771 describes a vulnerability in OpenSSL where an internal helper used by X509_VERIFY_PARAM_set1_email/set2_email validates the local part of an email addresses and may not enforce the 64-octet limit, causing an out-of-bounds read. This can lead to a crash (DoS) when an application pro...
CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()
Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...
CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q
Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...
CVE-2026-42770
CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-42764
In OpenSSL’s QUIC server implementation, receiving a QUIC initial packet with an invalid or expired token can trigger a NULL pointer dereference, potentially crashing the server and causing a Denial of Service. The issue occurs when address validation is disabled, specifically when SSL_LISTENER_F...
CVE-2026-42764
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling
Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer dereference typically causes abnormal termination of the affected QUIC server process and a Denial ...
CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34182
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34182 CMS AuthEnvelopedData Processing May Accept Forged Messages
Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...
CVE-2026-34181
The CVE-2026-34181 issue affects PKCS#12 file processing in OpenSSL where insufficient input validation for PBMAC1 allows forging certificates and private keys. An attacker impersonating a user could cause a service that reads PKCS#12 files to accept forged certificates and keys with about a 1 in...
CVE-2026-0420 Missing TLS certificate validation in NETGEAR's ReadyCloud client app
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle MiTM style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...
CVE-2026-9212 Insufficient authentication and input validation in certain NETGEAR products
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...
CVE-2026-0420 Missing TLS certificate validation in NETGEAR's ReadyCloud client app
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle MiTM style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...
CVE-2026-9212 Insufficient authentication and input validation in certain NETGEAR products
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...
CVE-2026-0420
The CVE-2026-0420 entry describes an improper TLS certificate validation in NETGEAR’s ReadyCloud client app, enabling potential attacker-in-the-middle (MiTM) attacks that compromise confidentiality. Affected component: ReadyCloud client app; root cause: missing/incorrect TLS certificate validatio...
CVE-2026-9212
NETGEAR devices listed (e.g., R6700AX, LBR1020, RBR20, RBS10, RAX120v2, RAX70, RAX36S, RBS50, R9000, RAX120, RBR50, XR500, RAX78, XR450, RBR10, R7800, RBS350, RBS20, RBR40, RBS40, RAX10, LBR20, RBR350) have an issue described as insufficient authentication and input validation. This allows users ...