Openresty_jll
JLSEC-2026-277High 7.5Issue summary: Applications using RSASVE key encapsulation to establish a secret encrypti…JLSEC-2026-276Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string…JLSEC-2026-275High 7.5No summary availableJLSEC-2026-274High 7.5Issue summary: During processing of a crafted CMS EnvelopedData message with...JLSEC-2026-273High 7.5No summary availableJLSEC-2026-272No summary availableJLSEC-2026-271High 7.5Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key…JLSEC-2026-480Low 2.9zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 beca…JLSEC-2026-270Medium 5.3Issue summary: A type confusion vulnerability exists in the signature verification of sig…JLSEC-2026-269Medium 5.5Issue summary: An invalid or NULL pointer dereference can happen in an application proces…JLSEC-2026-265High 7.5Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer dereference…JLSEC-2026-264High 7.5Issue summary: A type confusion vulnerability exists in the TimeStamp Response verificati…JLSEC-2026-263High 7.4Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously crafted PKCS#1…JLSEC-2026-262Medium 4.0Issue summary: When using the low-level OCB API directly with AES-NI or<br>other hardware…JLSEC-2026-261Medium 4.7Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering…JLSEC-2026-256High 8.8Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parame…JLSEC-2026-266High 7.5No summary availableJLSEC-2026-248Medium 4.1Issue summary: A timing side-channel which could potentially allow recovering the private…JLSEC-2026-251High 7.5Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be a…JLSEC-2026-254Medium 4.3Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit v…JLSEC-2026-252Critical 9.1Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty suppo…JLSEC-2026-249Medium 5.9Issue summary: Some non-default TLS server configurations can cause unbounded memory grow…JLSEC-2026-247Medium 5.5Null pointer dereference in PKCS12 parsingJLSEC-2026-244Medium 5.3Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.…JLSEC-2026-479No summary availableJLSEC-2026-3The HTTP/2 protocol allows a denial of service (server resource consumption) because requ…JLSEC-2026-242High 7.8Issue summary: The POLY1305 MAC (message authentication code) implementation contains a b…JLSEC-2026-241Medium 5.3Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact s…JLSEC-2026-239Medium 6.5Issue summary: Processing some specially crafted ASN.1 object identifiers or data contain…JLSEC-2026-237Medium 5.3The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certi…JLSEC-2026-236Medium 5.3Applications that use a non-default option when verifying certificates may be vulnerable …JLSEC-2026-235High 7.5A security vulnerability has been identified in all supported versions of OpenSSL related…JLSEC-2026-234High 7.4Vulnerable OpenSSL included in cryptography wheelsJLSEC-2026-233High 7.5openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`JLSEC-2026-232High 7.5openssl-src contains Double free after calling `PEM_read_bio_ex`JLSEC-2026-231Medium 5.9openssl-src subject to Timing Oracle in RSA DecryptionJLSEC-2026-478No summary availableJLSEC-2026-230AES OCB fails to encrypt some bytesJLSEC-2026-229Critical 9.8In addition to the c_rehash shell command injection identified in CVE-2022-1292, further.…JLSEC-2026-228Critical 9.8The c_rehash script does not properly sanitise shell metacharacters to prevent command in…JLSEC-2026-477No summary availableJLSEC-2026-227openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificatesJLSEC-2026-226There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC alg…JLSEC-2026-225High 7.4Read buffer overruns processing ASN.1 stringsJLSEC-2026-222Integer Overflow in openssl-srcJLSEC-2026-221High 7.5Integer Overflow in openssl-srcJLSEC-2026-220The X.509 GeneralName type is a generic type for representing different types of names. O…JLSEC-2026-177No summary availableJLSEC-2026-216There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiati…