100 matches found
CVE-2025-15615
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...
CVE-2025-15615 Wazuh Manager authd service Improper SSL/TLS Renegotiation Handling leading to Denial of Service
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...
MiracleLinux 3 : openssl097a-0.9.7a-9.AXS3.2 (AXSA:2010-157:01)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-157:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...
MiracleLinux 3 : openssl-0.9.8e-12.AXS3.6 (AXSA:2010-154:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-154:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...
MiracleLinux 3 : httpd-2.2.3-31.2.1AXS3 (AXSA:2009-424:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-424:03 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. Security bugs fixed with this release: CVE-2009-3094 The approxyftphandle...
MiracleLinux 3 : gnutls-1.4.1-3.8.0.1.AXS3 (AXSA:2010-153:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-153:01 advisory. The GNU TLS library implements TLS and support for cryptographic algorithms. Security issues fixed with this release: CVE-2009-3555 The TLS protocol...
Keycloak TLS Client-Initiated Renegotiation Denial of Service
Keycloak is vulnerable to a Denial of Service (DoS) attack due to the default JDK setting that permits Client-Initiated Renegotiation in TLS 1.2. An unauthenticated remote attacker can repeatedly initiate TLS renegotiation requests to exhaust server CPU resources, making the service unavailable...
PT-2025-44075
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: Keycloak is susceptible to a Denial of Service (DoS) attack. This is due to a default Java Development Kit (JDK) setting that allows Client-Initiated Renegotiation within the TLS 1.2 protocol. A...
keycloak: Keycloak TLS Client-Initiated Renegotiation Denial of Service
A flaw was found in Keycloak. This vulnerability allows an unauthenticated remote attacker to cause a denial of service (DoS) by repeatedly initiating TLS 1.2 client-initiated renegotiation requests to exhaust server CPU resources, making the service unavailable...
Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.16 Update
New Red Hat build of Keycloak 26.0.16 packages are available from the Customer Portal. Red Hat build of Keycloak 26.0.16 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...
EUVD-2013-6461
Malware in sbrugna...
EUVD-2024-2200
Malicious code in bioql PyPI...
EUVD-2025-15123
Malicious code in bioql PyPI...
EUVD-2022-39040
Malicious code in bioql PyPI...
CVE-2024-37309
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scenario, an attacker can exploit this feature to repeatedly request renegotiation of security parameter...
Hitachi Energy RTU500 Security Vulnerability
Hitachi Energy RTU500 is a series of industrial control components from Hitachi, Ltd. (Japan). A security vulnerability exists in Hitachi Energy RTU500: renegotiation of an open IEC61850 TLS connection in a specific time scenario could affect availability...
CVE-2024-23556 HCL BigFix Platform is impacted by a failure to restrict SSL/TLS renegotiation
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability...
Important: edk2
Issue Overview: A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl, to crash, resulting in a denial of service. The highest threat from this vulnerability is to...
CVE-2022-36324
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack...