Lucene search
K

153 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:56 a.m.10 views

CVE-2022-38153

An issue was discovered in wolfSSL before 5.5.0 when --enable-session-ticket is used; however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket more than 256 bytes into a...

5.9CVSS6.8AI score0.01801EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2017-15206

Malware in sbrugna...

5.9CVSS5.9AI score0.01065EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-7929

Malware in sbrugna...

6.8CVSS6.9AI score0.03629EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-1566

Malware in sbrugna...

9.3CVSS7.7AI score0.0399EPSS
Exploits1References42
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-40750

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.01801EPSS
Exploits2References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2014-3548

Malicious code in bioql PyPI...

7.1CVSS7.2AI score0.23598EPSS
Exploits0References65
Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.9 views

Siemens SIMATIC S7-1500 and S7-1200 Use After Free (CVE-2021-22901)

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client...

8.1CVSS7.9AI score0.60122EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2026-2480

Name of the Vulnerable Software and Affected Versions Go net/url package affected versions not specified Description The net/url package does not limit the number of query parameters, potentially leading to excessive memory consumption when parsing large URL-encoded forms with many unique query...

9.8CVSS7AI score0.01945EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2024/10/14 1:26 p.m.21 views

CVE-2024-49214

A flaw was found in HAProxy's QUIC listener. This vulnerability can allow an attacker to bypass the IP allow/block list via a spoofed IP address in a 0-RTT session. The attacker could exploit this by obtaining a TLS session ticket using their real IP, then initiating a 0-RTT session with a spoofe...

5.3CVSS6.7AI score0.00502EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2024/09/09 5:17 p.m.5 views

undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket

A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\r\n termination of the chunked response. This results in uncontrolled resource...

7.5CVSS5.7AI score0.02716EPSS
Exploits0References4
Redos
Redos
added 2024/07/04 12:0 a.m.23 views

ROS-20240704-11

A vulnerability in the GnuTLS cryptographic library is related to the use of incorrect cryptography to encryption of a session ticket. Exploitation of the vulnerability could allow an attacker acting remotely, bypass TLS authentications and gain access to sensitive data...

7.4CVSS6.7AI score0.17507EPSS
Exploits3
OSV
OSV
added 2024/01/09 1:8 p.m.5 views

USN-6038-2 golang-1.13, golang-1.16 vulnerabilities

USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...

9.8CVSS7.1AI score0.05623EPSS
Exploits6References19
RedHat Linux
RedHat Linux
added 2023/07/06 2:47 a.m.3 views

golang: crypto/tls: session tickets lack random ticket_age_add

A flaw was found in the crypto/tls golang package. When session tickets are generated by crypto/tls, it is missing the ticket expiration. This issue may allow an attacker to observe the TLS handshakes to correlate successive connections during session resumption...

3.1CVSS6.6AI score0.0088EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2023/02/21 7:59 p.m.32 views

K30446705: GnuTLS vulnerability CVE-2020-13777

Security Advisory Description GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until t...

7.4CVSS7.6AI score0.17507EPSS
Exploits3
F5 Networks
F5 Networks
added 2023/02/21 6:48 p.m.34 views

K21154730: TMM SSL/TLS profile vulnerability CVE-2017-6141

Security Advisory Description Certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel TMM. The Session Ticket option is disabled by default. CVE-2017-6141 Impact The...

5.9CVSS5.8AI score0.01065EPSS
Exploits0Affected Software8
SUSE CVE
SUSE CVE
added 2023/02/15 5:50 a.m.3 views

SUSE CVE-2011-4128

Buffer overflow in the gnutlssessiongetdata function in lib/gnutlssession.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service application crash via a large SessionTicket...

4.3CVSS7.1AI score0.02386EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.5 views

SUSE CVE-2014-3567

Memory leak in the tlsdecryptticket function in t1lib.c in OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j allows remote attackers to cause a denial of service memory consumption via a crafted session ticket that triggers an integrity-check failure...

7.1CVSS8.2AI score0.23598EPSS
Exploits0References16
SUSE CVE
SUSE CVE
added 2023/02/15 5:28 a.m.4 views

SUSE CVE-2014-3616

nginx 0.5.6 through 1.7.4, when using the same shared sslsessioncache or sslsessionticketkey for multiple servers, can reuse a cached SSL session for an unrelated context, which allows remote attackers with certain privileges to conduct "virtual host confusion" attacks...

4.3CVSS7.1AI score0.05654EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.6 views

SUSE CVE-2015-1791

Race condition in the ssl3getnewsessionticket function in ssl/s3clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service double free and application crash or...

6.8CVSS9.1AI score0.15968EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 5:12 a.m.3 views

SUSE CVE-2015-8036

Heap-based buffer overflow in ARM mbed TLS formerly PolarSSL 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service client crash and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handl...

6.8CVSS7.7AI score0.02867EPSS
Exploits0References3
Rows per page
Query Builder