719 matches found
EUVD-2026-18064
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
DEBIAN-CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
UBUNTU-CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
TencentOS Server 3: osbuild-composer (TSSA-2026:0204)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0204 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: git-lfs (TSSA-2026:0203)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0203 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2026-29611
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CVE-2026-34873
Summary: CVE-2026-34873 affects Mbed TLS 3.5.0–4.0.0, enabling client impersonation during TLS 1.3 session resumption. Impact (per CVE): Confidentiality and integrity may be affected (CRITICAL/9.1 CVSS). Root cause (as described): vulnerability arises during TLS 1.3 session resumption with the Mb...
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...
CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
CVE-2026-34873
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...
RHEL 9 : OpenShift Container Platform 4.19.27 (RHSA-2026:5876)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5876 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
RLSA-2026:5146 Important: yggdrasil security update
yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fixes: crypto/x509: golang: Denial of Service due to...
yggdrasil security update
An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list yggdrasil is a system daemon that subscribes to topics on an MQTT broker a...