Lucene search
K

47 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 12:44 p.m.17 views

CVE-2026-42009

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.8AI score0.01335EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37962

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows...

5.3CVSS6.8AI score0.01836EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/04 9:8 a.m.7 views

EUVD-2026-26926

A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in mergehandshakepacket where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the messagelength field remains...

7.5CVSS6.1AI score0.01263EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-5264

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow...

9.8CVSS6AI score0.00446EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/09 9:31 p.m.5 views

EUVD-2026-21180

In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wcAriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is...

6CVSS5.9AI score0.00264EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/28 4:13 p.m.4 views

CVE-2025-65499

A flaw was found in libcoap. A remote attacker can cause a denial of service via a NULL pointer dereference due to improper handling of the return values of OpenSSL functions during DTLS Datagram Transport Layer Security operations...

4.3CVSS6.5AI score0.00226EPSS
Exploits0References2
OSV
OSV
added 2025/11/24 2:15 p.m.2 views

DEBIAN-CVE-2025-65496

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

4.3CVSS5.3AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/24 12:0 a.m.8 views

PT-2025-47914

NULL pointer dereference in coap dtls generate cookie in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL get SSL CTX to return NULL...

6.7AI score0.00226EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-3660

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.0183EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Clients that use RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...

6.3CVSS6.9AI score0.02357EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/12/07 8:0 a.m.6 views

Improper (D)TLS key boundary enforcement

...

5.3CVSS6AI score0.00513EPSS
Exploits0
Debian
Debian
added 2024/02/26 9:38 a.m.24 views

[SECURITY] [DLA 3740-1] gnutls28 security update

Debian LTS Advisory DLA-3740-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 26, 2024 https://wiki.debian.org/LTS Package : gnutls28 Version : 3.6.7-4+deb10u12 CVE ID : CVE-2024-0553 Debian Bug : 1061046 Hubert Kario discovered that GnuTLS, a portable...

7.5CVSS6.7AI score0.01614EPSS
Exploits1
0day.today
0day.today
added 2023/12/29 12:0 a.m.507 views

FreeSWITCH 1.10.10 Denial Of Service Vulnerability

When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...

7.5CVSS5.6AI score0.01485EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/12/15 12:0 a.m.401 views

RTPEngine mr11.5.1.6 Denial Of Service

RTPEngine susceptible to Denial of Service via DTLS Hello packets during call initiation - Fixed versions: mr12.1.1.2, mr12.0.1.3, mr11.5.1.16, mr10.5.6.3, mr10.5.6.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2023-03-rtpengine-dtls-hello-race - Vendor...

7.4AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.4 views

SUSE CVE-2016-2179

The DTLS implementation in OpenSSL before 1.1.0 does not properly restrict the lifetime of queue entries associated with unused out-of-order messages, which allows remote attackers to cause a denial of service memory consumption by maintaining many crafted DTLS sessions simultaneously, related to...

7.5CVSS8AI score0.26559EPSS
Exploits1References19
NVD
NVD
added 2022/05/21 12:15 a.m.12 views

CVE-2022-29190

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...

7.5CVSS0.01484EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/05/21 12:15 a.m.23 views

CVE-2022-29189

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...

5.3CVSS6.3AI score0.0183EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/05/21 12:15 a.m.28 views

CVE-2022-29222

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection...

7.5CVSS7.1AI score0.00702EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2022/05/21 12:15 a.m.24 views

CVE-2022-29190

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...

7.5CVSS7.1AI score0.01484EPSS
Exploits0References7
CVE
CVE
added 2022/05/21 12:0 a.m.75 views

CVE-2022-29222

CVE-2022-29222 affects Pion DTLS (Go) prior to v2.1.5. A DTLS server could accept a client certificate without the client proving possession of the corresponding private key, making the provided certificate untrustworthy while the connection remains otherwise secure. Publicly documented details c...

7.5CVSS6.4AI score0.00702EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder