Lucene search
K

38 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11703

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session...

7.5CVSS6AI score0.0021EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score0.0021EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:17 p.m.4 views

UBUNTU-CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

7.5CVSS5.8AI score0.0021EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/02 2:1 p.m.5 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

7.5CVSS5.2AI score0.00351EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.6 views

Suricata 代码问题漏洞

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.0 and 8.0.4 had a code vulnerability that could cause Suricata to crash due to a null pointer dereferencing when using the tls.alpn rule keywords...

7.5CVSS5.9AI score0.00351EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/19 8:20 p.m.5 views

CVE-2026-3547

Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled HAVEALPN / --enable-alpn. A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash...

7.5CVSS5.3AI score0.00257EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.6 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 12:48 a.m.7 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/10 12:54 p.m.3 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
OSV
OSV
added 2026/01/20 9:16 p.m.8 views

AZL-75080 CVE-2026-21637 affecting package nodejs for versions less than 20.14.0-13

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.2AI score0.01056EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/20 9:16 p.m.5 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/01/20 8:41 p.m.8 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.3AI score0.01056EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:41 p.m.5 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.5AI score0.01056EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/06 12:58 p.m.5 views

BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.5AI score0.00443EPSS
Exploits0References6
NVD
NVD
added 2025/10/29 11:16 p.m.7 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS0.00443EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/10/29 10:10 p.m.3 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS8.1AI score0.00443EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-16178

Malware in sbrugna...

7.5CVSS7.5AI score0.01766EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/01/09 6:50 a.m.4 views

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

4CVSS7.3AI score0.00226EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/01/09 6:36 a.m.10 views

firefox: Alt-Svc ALPN validation failure when redirected

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site...

4CVSS7.3AI score0.00226EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/07/27 12:0 a.m.84 views

CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / openssl (CVE-2024-5535)

The version of cloud-hypervisor-cvm / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-5535 advisory. - Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
Rows per page
Query Builder