Lucene search
K

107 matches found

Vulnrichment
Vulnrichment
added 2026/02/11 9:7 p.m.6 views

CVE-2026-26014 Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a...

5.9CVSS5.6AI score0.00619EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : wireshark-1.8.10-17.AXS4 (AXSA:2015-372:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-372:01 advisory. Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library,...

5CVSS6.3AI score0.046EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/11/28 4:1 p.m.5 views

CVE-2025-65498

A flaw was found in libcoap. A remote attacker can cause a denial of service via a NULL pointer dereference due to improper handling of the return values of OpenSSL functions during DTLS Datagram Transport Layer Security operations...

4.3CVSS6.5AI score0.00226EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/24 3:30 p.m.4 views

EUVD-2025-198712

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS6.1AI score0.00226EPSS
Exploits0References3
OSV
OSV
added 2025/11/24 2:15 p.m.1 views

DEBIAN-CVE-2025-65501

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

4.3CVSS5.3AI score0.00226EPSS
Exploits0References1
OSV
OSV
added 2025/11/21 3:59 p.m.5 views

JLSEC-2025-218 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...

9.1CVSS6.9AI score0.01831EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-29190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinit...

7.5CVSS7.2AI score0.01484EPSS
Exploits0References2
OSV
OSV
added 2024/05/15 1:15 p.m.4 views

CVE-2023-6324

ThroughTek Kalay SDK uses a predictable PSK value in the DTLS session when encountering an unexpected PSK identity...

8.8CVSS6AI score0.00712EPSS
Exploits1References1
OSV
OSV
added 2023/12/22 11:6 a.m.4 views

OESA-2023-1941 erlang security update

Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson. Security Fixes: In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, a...

9.8CVSS7AI score0.01167EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/12/19 12:0 a.m.9 views

The vulnerability of the implementations of DTLS (Datagram Transport Layer Security) and SRTP protocols in Asterisk IP-telephony management systems and Certified Asterisk allows a attacker to induce a service failure.

The vulnerability of DTLS and SRTP protocols for Asterisk IP-telephony systems and Certified Asterisk arises from the behavior of the message processing mechanism during ClientHello messages. Exploiting this vulnerability allows a malicious actor to cause service failures...

7.8CVSS6.6AI score0.05338EPSS
Exploits2References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/10/11 12:0 a.m.8 views

The vulnerability of the Mbed TLS software lies in errors during encryption processing in DTLS connections, allowing attackers to execute arbitrary code.

The vulnerability of the Mbed TLS software is related to errors in encryption processing in DTLS connections when using zero-key encryption or RC4 encryption. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS7.6AI score0.00783EPSS
Exploits0References5Affected Software3
OSV
OSV
added 2023/09/09 11:5 a.m.14 views

OESA-2023-1617 openjdk-11 security update

The OpenJDK runtime environment. Security Fixes: An issue was discovered in function ciMethodBlocks::makeblockat in Oracle JDK HotSpot VM 11, 17 and OpenJDK HotSpot VM 8, 11, 17, allows attackers to cause a denial of service.CVE-2022-40433 Vulnerability in the Oracle Java SE, Oracle GraalVM...

5.9CVSS7.3AI score0.02474EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2023/05/03 2:5 p.m.5 views

scandium: Failing DTLS handshakes may cause throttling to block processing of records

A flaw was found in the Eclipse Californium Scandium package. This issue occurs when failing handshakes don't clean up counters for throttling, causing the threshold to be reached without being released again, resulting in a denial of service. An attacker could submit a high quantity of server...

8.2CVSS5.7AI score0.00553EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.3 views

SUSE CVE-2014-3505

Double free vulnerability in d1both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service application crash via crafted DTLS packets that trigger an error condition...

5CVSS8.4AI score0.4334EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 5:25 a.m.3 views

SUSE CVE-2014-8176

The dtls1clearqueues function in ssl/d1lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a deni...

7.5CVSS7.7AI score0.16587EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.6 views

SUSE CVE-2020-11501

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks...

7.4CVSS8.3AI score0.03388EPSS
Exploits0References53
RedHat Linux
RedHat Linux
added 2023/01/23 10:44 p.m.5 views

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS7.3AI score0.01836EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/01/23 10:40 p.m.6 views

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS7.3AI score0.01836EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/01/23 10:40 p.m.6 views

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS7.3AI score0.01836EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/01/18 11:4 a.m.8 views

OpenJDK: handshake DoS attack against DTLS connections (JSSE, 8287411)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS7.3AI score0.01836EPSS
Exploits0References4
Rows per page
Query Builder