3 matches found
Microsoft Visual Studio Products (April 2026)
The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by a denial of service vulnerability: - In Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
GHSA-3Q49-H8F9-9FR9 Missing TLS certificate verification
Faye uses em-http-request6 and faye-websocket10 in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...