Lucene search
+L

379 matches found

osv
osv
added 2 days ago2 views

OPENSUSE-SU-2026:21341-1 Security update for go1.26

This update for go1.26 fixes the following issues - Update to version go1.26.5 bsc1255111. - CVE-2026-39822: os: Root escape via symlink plus trailing slash bsc1271014. - CVE-2026-42505: crypto/tls: omit PSK in ECH outer client hello bsc1271015...

7.8CVSS6.1AI score0.00413EPSS
Exploits0References7
osv
osv
added 3 days ago4 views

OPENSUSE-SU-2026:21324-1 Security update for go1.25

This update for go1.25 fixes the following issues - Update to version go1.25.12 bsc1244485. - CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. - CVE-2026-27139: os: FileInfo can escape from a Root bsc1259268. - CVE-2026-27142: html/template: URLs in meta content...

7.8CVSS6.1AI score0.0052EPSS
Exploits0References13
redhatcve
redhatcve
added 2026/07/09 2:57 p.m.8 views

CVE-2026-42505

A flaw was found in the crypto/tls package in Go. Handshakes utilizing Encrypted Client Hello ECH could lead to de-anonymization by a passive network observer. This is due to the disclosure of pre-shared key identities within the unencrypted client hello, allowing an attacker to potentially link...

5.3CVSS5.8AI score0.00413EPSS
Exploits0References7
nvd
nvd
added 2026/07/08 5:17 p.m.9 views

CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS0.00413EPSS
Exploits0References4
osv
osv
added 2026/07/08 3:46 p.m.4 views

CVE-2026-42505 Invoking Encrypted Client Hello privacy leak in crypto/tls

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References7
euvd
euvd
added 2026/07/08 3:46 p.m.4 views

EUVD-2026-42317

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS5.9AI score0.00413EPSS
Exploits0References4
cve
cve
added 2026/07/08 3:46 p.m.24 views

CVE-2026-42505

CVE-2026-42505 describes a privacy leakage in handshakes using Encrypted Client Hello (ECH) , where a passive observer can de-anonymize connections due to disclosure of pre-shared key (PSK) identities in the unencrypted ClientHello. The vulnerability is documented across multiple sources (NVD, EU...

5.3CVSS5.9AI score0.00413EPSS
Exploits0References4Affected Software1
alpinelinux
alpinelinux
added 2026/07/08 3:46 p.m.4 views

CVE-2026-42505

Handshakes which used Encrypted Client Hello could be de-anonymized by a passive network observer due to a disclosure of pre-shared key identities in the unencrypted client hello...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References4
osv
osv
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2821 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.6AI score0.03782EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/07/03 10:16 a.m.9 views

CVE-2026-55952

A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...

8.2CVSS6AI score0.00487EPSS
Exploits0References10
nessus
nessus
added 2026/07/03 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-55952

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References3
nvd
nvd
added 2026/07/02 5:17 p.m.8 views

CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS0.00487EPSS
Exploits0References7
osv
osv
added 2026/07/02 5:17 p.m.12 views

UBUNTU-CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References12
cvelist
cvelist
added 2026/07/02 4:6 p.m.38 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS0.00487EPSS
Exploits0References7
osv
osv
added 2026/07/02 4:6 p.m.4 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References11
osv
osv
added 2026/07/02 4:6 p.m.5 views

EEF-CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

Summary The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tls\handshake\1\3:handle\pre\shared\key/3, an OfferedPreSharedKeys...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/07/02 4:6 p.m.11 views

CVE-2026-55952 TLS 1.3 server denial of service via malformed ClientHello pre-shared key extension

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References7
cve
cve
added 2026/07/02 4:6 p.m.23 views

CVE-2026-55952

Summary: The Erlang/OTP ssl module is vulnerable to a TLS 1.3 denial of service due to a mismatch between PSK identity list and binder list lengths in the ClientHello extension. In tls_handshake_1_3:handle_pre_shared_key/3, an OfferedPreSharedKeys record with unequal identities/binders is passed ...

8.2CVSS5.9AI score0.00487EPSS
Exploits0References7Affected Software2
attackerkb
attackerkb
added 2026/07/01 1:45 p.m.6 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS6AI score0.00239EPSS
Exploits0References2Affected Software1
redhat
redhat
added 2026/06/29 3:13 p.m.12 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References5
Rows per page
Query Builder