
30 matches found

Tenable Nessus
added 2026/05/04 12:0 a.m. | 5 views

RHCOS 4 : OpenShift Container Platform 4.11.5 (RHSA-2022:6535)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:6535 advisory. - golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629) Note that Nessus has not tested for this issue but has instead...

CVSS 3.1 | AI score 7 | EPSS 0.0088
Exploits: 1 | References: 5

IBM Security Bulletins
added 2026/03/23 1:58 p.m. | 4 views

Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak

Summary: A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

CVSS 5.3 | AI score 6.8 | EPSS 0.02557
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 9 : skopeo-1.11.2-0.1.el9 (AXSA:2023-5634:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5634:02 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session tickets lack random...

CVSS 5.3 | AI score 7.8 | EPSS 0.05623
Exploits: 1 | References: 3

Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 9 : buildah-1.29.1-1.el9 (AXSA:2023-5642:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5642:02 advisory. golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session...

CVSS 5.3 | AI score 7.8 | EPSS 0.05623
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/28 12:0 a.m. | 25 views

Amazon Linux 2 : nginx (ALASNGINX1-2025-008)

The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...

CVSS 5.3 | AI score 5.6 | EPSS 0.02557
Exploits: 0 | References: 4

Tenable Nessus
added 2025/03/25 12:0 a.m. | 14 views

Debian dla-4091 : libnginx-mod-http-auth-pam - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4091 advisory. Debian LTS Advisory DLA-4091-1 [email protected]...

CVSS 5.7 | AI score 7.2 | EPSS 0.02557
Exploits: 0 | References: 6

RedhatCVE
added 2025/02/07 9:13 a.m. | 14 views

CVE-2025-23419

A flaw was found in nginx. When name-based virtual hosts are configured to share the same IP address and port combination with TLS 1.3 and OpenSSL, a previously authenticated attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

CVSS 4.3 | AI score 4.7 | EPSS 0.02557
Exploits: 0 | References: 4

OSV
added 2025/02/07 7:15 a.m. | 32 views

BIT-NGINX-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 4.9 | EPSS 0.02557
Exploits: 0 | References: 4

OSV
added 2025/02/05 6:15 p.m. | 25 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 3

OSV
added 2025/02/05 6:15 p.m. | 6 views

UBUNTU-CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 6.9 | EPSS 0.02557
Exploits: 0 | References: 5

AlpineLinux
added 2025/02/05 5:31 p.m. | 22 views

CVE-2025-23419

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

CVSS 5.3 | AI score 7.4 | EPSS 0.02557
Exploits: 0 | References: 3

Positive Technologies
added 2025/02/05 12:0 a.m. | 18 views

PT-2025-5738

Name of the Vulnerable Software and Affected Versions: nginx versions 1.11.4 through 1.27.31; nginx version 1.26.3; nginx version 1.27.4. Description: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...

CVSS 5.3 | AI score 8.3 | EPSS 0.02557
Exploits: 0 | References: 157

Vulnrichment
added 2022/08/09 8:17 p.m. | 2 views

CVE-2022-30629 Session tickets lack random ticket_age_add in crypto/tls

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...

AI score 5.8 | EPSS 0.0088
Exploits: 1 | References: 5

OSV
added 2022/06/16 9:5 p.m. | 7 views

MGASA-2022-0231 Updated golang packages fix security vulnerability

crypto/tls: session tickets lack random ticket_age_add. Session tickets generated by crypto/tls did not contain a randomly generated ticket_age_add. This allows an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...

CVSS 3.1 | AI score 6.3 | EPSS 0.0088
Exploits: 1 | References: 4

OSV
added 2022/06/07 2:34 p.m. | 6 views

SUSE-SU-2022:2004-1 Security update for go1.17

This update for go1.17 fixes the following issues: Update to go1.17.11 released 2022-06-01 bsc1190649: - CVE-2022-30634: Fixed crypto/rand rand.Read hangs with extremely large buffers bsc1200134. - CVE-2022-30629: Fixed crypto/tls session tickets lack random ticket_age_add bsc1200135. -...

CVSS 7.8 | AI score 6.5 | EPSS 0.0187
Exploits: 2 | References: 10

CNNVD
added 2022/06/02 12:0 a.m. | 3 views

Google Golang Security Feature Issue Vulnerability

Google Golang is a static, strongly typed, compiled language from Google. The syntax of Go is close to C, but with differences in variable declarations. Go supports garbage collection. Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages with a...

CVSS 3.1 | AI score 7.1 | EPSS 0.0088
Exploits: 1 | References: 37

OSV
added 2022/02/01 1:15 p.m. | 3 views

UBUNTU-CVE-2021-43848

h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation of h2o can be misguided to treat uninitialized memory as HTTP/3 frames that have been received. Whe...

CVSS 7.4 | AI score 6.3 | EPSS 0.02667
Exploits: 1 | References: 4

CNNVD
added 2022/02/01 12:0 a.m. | 6 views

h2o Security Vulnerability

h2o is a new generation of HTTP server. Not only is it very fast compared to older generation HTTP servers, but it also provides faster responses to end users. A security vulnerability exists in h2o, which stems from the fact that when QUIC frames are received in a particular order, h2o's HTTP/3...

CVSS 7.4 | AI score 6 | EPSS 0.02667
Exploits: 1 | References: 3

OSV
added 2021/04/01 6:15 p.m. | 3 views

ALPINE-CVE-2021-22890

curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

CVSS 3.7 | AI score 6.9 | EPSS 0.03141
Exploits: 1 | References: 1

RedhatCVE
added 2019/10/10 4:54 a.m. | 40 views

CVE-2016-6302

An integer underflow flaw leading to a buffer over-read was found in the way OpenSSL parsed TLS session tickets. A remote attacker could use this flaw to crash a TLS server using OpenSSL if it used SHA-512 as HMAC for session tickets...

CVSS 5 | AI score 3.4 | EPSS 0.26441
Exploits: 1 | References: 2