392 matches found
CVE-2026-1677
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
CVE-2026-1677
Zephyr sockets created with IPPROTOTLS13 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtlssslconfmintlsversion. The ClientHello advertises both versions and the peer can...
CVE-2026-29129
A flaw was found in Apache Tomcat. This vulnerability occurs when the configured cipher preference order is not preserved. This could allow an attacker to bypass intended security configurations, potentially leading to a weakened security posture or information disclosure. Mitigation Configure...
EUVD-2026-9008
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
CVE-2026-1626
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
CVE-2026-1626
Technical details about CVE-2026-1626 are not publicly provided in the supplied documents. No specifics on affected products, versions, root cause, or remediation are included. Monitor for updates from official sources.
CVE-2026-1626
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
PT-2026-22320
An attacker may exploit the use of weak CBC-based cipher suites in the device’s SSH service to potentially observe or manipulate parts of the encrypted SSH communication, if they are able to intercept or interact with the network traffic...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
TestSSL 3.2.3
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...
OpenSSL security vulnerabilities
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...
CVE-2022-27581
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU61x firmware version...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gnutls (UTSA-2025-990960)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990960 advisory. A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite. Tenable has extracted the preceding description block directly fro...
curl: Incorrect sizeof() in Rustls Backend Memory Allocation
Summary There's a bug in lib/vtls/rustls.c where malloc uses sizeofciphersuites instead of sizeofciphersuites. This allocates memory based on pointer size rather than element size. Steps To Reproduce 1. Look at lib/vtls/rustls.c line 530: c const struct rustlssupportedciphersuite ciphersuites =...
Advisory ROSA-SA-2025-3042
Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...
EUVD-2020-6407
Malware in sbrugna...
EUVD-2018-19670
Malware in sbrugna...
EUVD-2018-7632
Malware in sbrugna...