11 matches found
Unity Linux 20.1060a / 20.1070a Security Update: grafana (UTSA-2026-007107)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007107 advisory. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: grafana-pcp (UTSA-2026-006199)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006199 advisory. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
FreeBSD : oauth2-proxy -- multiple vulnerabilities (10319b08-f050-4beb-95e3-fe025cdafd25)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 10319b08-f050-4beb-95e3-fe025cdafd25 advisory. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields...
CLSA-2026-1772457417 grafana: Fix of CVE-2025-68121
CVE-2025-68121: rebuild with golang 1.25.7 to fix resumption of session in crypto/tls with ClientCAs or RootCAs fields mutated after initial handshake...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
CVE-2025-68121 Unexpected session resumption in crypto/tls
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...