Lucene search
K

151 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-41412

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS0.00464EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2 days ago5 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References7
CVE
CVE
added 2 days ago8 views

CVE-2026-55952

Summary: The Erlang/OTP ssl module is vulnerable to a TLS 1.3 denial of service due to a mismatch between PSK identity list and binder list lengths in the ClientHello extension. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with unequal identities/binders is passed ...

8.2CVSS5.9AI score0.00464EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 2:17 p.m.11 views

JLSEC-2026-518

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

7.4CVSS7.1AI score0.17507EPSS
Exploits3References20
OSV
OSV
added 2026/03/03 3:52 p.m.2 views

SUSE-SU-2026:0790-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...

10CVSS6AI score0.00765EPSS
Exploits1References5
Amazon
Amazon
added 2026/02/19 12:0 a.m.15 views

Medium: containerd

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS6AI score0.01945EPSS
Exploits2
Amazon
Amazon
added 2026/02/19 12:0 a.m.8 views

Medium: oci-add-hooks

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS5.7AI score0.01945EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.10 views

Amazon Linux 2023 : docker (ALAS2023-2026-1376)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1376 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS5.7AI score0.01945EPSS
Exploits2References10
Amazon
Amazon
added 2026/02/18 12:0 a.m.9 views

Medium: runc

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS8.3AI score0.01945EPSS
Exploits2
Amazon
Amazon
added 2026/02/18 12:0 a.m.10 views

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS8.3AI score0.01945EPSS
Exploits2
SUSE Linux
SUSE Linux
added 2026/02/11 8:32 a.m.5 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session tick...

9.6CVSS5.7AI score0.00765EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2026/02/05 6:16 p.m.8 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10CVSS6.8AI score0.00765EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/02/05 5:48 p.m.5 views

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

10CVSS6.9AI score0.00765EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.4 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2026-1370)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1370 advisory. net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processe...

10CVSS7.8AI score0.01945EPSS
Exploits2References10
SUSE Linux
SUSE Linux
added 2026/01/22 12:13 p.m.4 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. CVE-2025-68119: cmd/go: unexpected code execution when invoking...

7.6CVSS6.4AI score0.01945EPSS
Exploits2References26
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.10 views

Golang 1.25.x < 1.25.6 Multiple Vulnerabilities

The version of Golang running on the remote host is 1.25.x prior to 1.25.6. It is, therefore, affected by multiple vulnerabilities as referenced in advisory. - bypass of flag sanitization can lead to arbitrary code execution. CVE-2025-61731 - unexpected code execution when invoking toolchain...

10CVSS8AI score0.01945EPSS
Exploits2References13
RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.10 views

CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

5.9CVSS6.8AI score0.01801EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15206

Malware in sbrugna...

5.9CVSS5.9AI score0.01065EPSS
Exploits0References2
Rows per page
Query Builder