|
321
|
7.8 |
HIGH
Local
|
-
|
-
|
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
New
|
CWE-284
Improper Access Control
|
CVE-2026-42829
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
322
|
7.8 |
HIGH
Local
|
-
|
-
|
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
New
|
CWE-126
Buffer Over-read
|
CVE-2026-42828
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
323
|
- |
|
-
|
-
|
Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an
application to validate a crafted e-mail address, such as during S/MIME
message validation, an out of bounds read can happen.
Imp…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42771
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
324
|
- |
|
-
|
-
|
Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)
peer key, the peer key is not properly checked for the subgroup membership.
Impact summary: A malicious peer which present…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-42770
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
325
|
- |
|
-
|
-
|
Issue Summary: An error in the callback used to verify the certificate
provided in a Root CA key update Certificate Management Protocol (CMP)
message response rendered the certificate validation inef…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-42769
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
326
|
- |
|
-
|
-
|
Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to
Bleichenbacher-style attack when an attacker is able to provide the CMS or
S/MIME messages and observe the error code and/…
New
|
CWE-514
|
CVE-2026-42768
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
327
|
- |
|
-
|
-
|
Issue summary: An attacker-controlled CMP (Certificate Management Protocol)
server could trigger a NULL pointer dereference in a CMP client application.
Impact summary: A NULL pointer dereference ca…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42767
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
328
|
- |
|
-
|
-
|
Issue summary: A specially crafted password-encrypted CMS message
can trigger a NULL pointer dereference during CMS decryption.
Impact summary: This NULL pointer dereference leads to an application …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42766
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
329
|
- |
|
-
|
-
|
Issue summary: When a partial-chain certificate verification is enabled
together with OCSP response checking for the whole chain, a NULL dereference
will happen if the verified chain does not have a …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42765
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
330
|
- |
|
-
|
-
|
Issue summary: Receiving a QUIC initial packet with an invalid token may
trigger a NULL pointer dereference in the OpenSSL QUIC server with
address validation disabled.
Impact summary: NULL pointer …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42764
|
2026-06-10 02:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
