GHSA-7X9R-WCGG-W86F Hashicorp Boundary workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes
Boundary Community Edition and Boundary Enterprise ("Boundary") workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...
CVE-2018-10432
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP)...
CVE-2006-3411
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys...
CVE-2025-12893 Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage (EKU) requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
EUVD-2020-27083
Malware in sbrugna...
EUVD-2006-3407
Malware in sbrugna...
EUVD-2021-10321
Malware in sbrugna...
EUVD-2018-2504
Malware in sbrugna...
EUVD-2022-52460
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2015-7744
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key...
Ubuntu 25.04 : CRaC JDK 17 vulnerabilities (USN-7672-1)
The remote Ubuntu 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7672-1 advisory. It was discovered that the 2D component of CRaC JDK 17 did not properly manage memory under certain circumstances. An attacker could possibly use this issue ...
USN-7673-1: CRaC JDK 21 vulnerabilities
It was discovered that the 2D component of CRaC JDK 21 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30749, CVE-2025-50106) Mashroor Hasan Bhuiyan discovered that the JSSE...
USN-7669-1: OpenJDK 24 vulnerabilities
It was discovered that the 2D component of OpenJDK 24 did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-30749, CVE-2025-50106) Mashroor Hasan Bhuiyan discovered that the JSSE...
CVE-2021-23218
When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service...
Alibaba Cloud Linux 3 : 0152: go-toolset:rhel8 (ALINUX3-SA-2022:0152)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0152 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-1705: Acceptance of some invalid...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to the use of insufficiently random values in Golang (CVE-2022-30629)
Summary Golang is used by IBM Storage Fusion Data Foundation as part of the operator's intrinsic functionality. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2022-30629. Vulnerability Details CVEID:CVE-2022-30629 DESCRIPTION:...
RHEL 8 : ior (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) - Non-random values for...
Fedora 40 : chisel (2023-b29031a7aa)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b29031a7aa advisory. Automatic update for chisel-1.9.0-1.fc40. Changelog Sun Aug 20 2023 Filipe Rosset - 1.9.0-1 - Update to 1.9.0 fixes rhbz2113146 rhbz2163065...
BIT-GOLANG-2022-30629 Session tickets lack random ticket_age_add in crypto/tls
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
USN-6038-2: Go vulnerabilities
USN-6038-1 fixed several vulnerabilities in Go 1.18. This update provides the corresponding updates for Go 1.13 and Go 1.16. CVE-2022-29526 and CVE-2022-30630 only affected Go 1.16. Original advisory details: It was discovered that the Go net/http module incorrectly handled Transfer-Encoding...