Lucene search
K

713 matches found

EUVD
EUVD
added 5 days ago4 views

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score0.0021EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

7.5CVSS0.0021EPSS
Exploits0References2
CVE
CVE
added 6 days ago12 views

CVE-2026-11703

The CVE-2026-11703 entry describes a vulnerability in stateful (session-ID) TLS resumption where missing SNI/ALPN binding allowed a cached session to be resumed under a different SNI/ALPN than originally negotiated. The root cause is the absence of binding checks for stateful resumption paths, wh...

7.5CVSS5.9AI score0.0021EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago21 views

CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS0.0021EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.7AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 6 days ago8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.12.92 packages and security update

Red Hat OpenShift Container Platform release 4.12.92 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a...

10CVSS6.9AI score0.01945EPSS
Exploits3References6
RedHat Linux
RedHat Linux
added 6 days ago5 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.7AI score0.00765EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-52591

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where SNI Server Name Indication and ALPN Application-Layer Protocol Negotiation bindings are missing during stateful session-ID resumption. This...

7.5CVSS5.7AI score0.0021EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

RHCOS 4 : OpenShift Container Platform 4.13.68 (RHSA-2026:26541)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26541 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

10CVSS7.2AI score0.01945EPSS
Exploits4References14
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

RHCOS 4 : OpenShift Container Platform 4.12.92 (RHSA-2026:26527)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26527 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...

10CVSS7AI score0.01945EPSS
Exploits3References12
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.7AI score0.00765EPSS
Exploits1References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux - Vulnerability in Golang-1.19

Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...

7.5CVSS6.8AI score0.01111EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Apache2

In some modssl configurations on the Apache HTTP Server 2.4.35 to 2.4.63, it is possible for trusted clients to bypass access controls using TLS 1.3 session resumption. These configurations are affected when modssl is configured for multiple virtual hosts, with each virtual host restricted to a...

9.1CVSS7.5AI score0.0097EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.13 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:58 p.m.21 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.1AI score0.01945EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2026/06/11 1:57 p.m.10 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS7.2AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:53 p.m.6 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS7.2AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:40 p.m.8 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
OSV
OSV
added 2026/06/11 12:41 a.m.13 views

CLEANSTART-2026-OK35650 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succ...

Multiple security vulnerabilities affect the rancher-agent package. During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...

9.8CVSS5.5AI score0.00765EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.13 views

RHEL 9 : skopeo (RHSA-2026:25250)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25250 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

10CVSS5.6AI score0.01945EPSS
Exploits3References12
Rows per page
Query Builder