Lucene search
+L

522 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.9 views

openSUSE 16 Security Update : go1.24 (openSUSE-SU-2026:20077-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20077-1 advisory. Update to go1.24.12 released 2026-01-15 bsc1236217 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the...

10CVSS8.8AI score0.01945EPSS
Exploits2References19
Tenable Nessus
Tenable Nessus
added 2026/01/24 12:0 a.m.4 views

SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0221-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0221-1 advisory. - CVE-2025-14017: Fixed broken TLS options for threaded LDAPS bsc1256105. Tenable has extracted the preceding descripti...

6.3CVSS6.7AI score0.00106EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/23 12:0 a.m.5 views

Oracle Primavera Gateway (January 2026 CPU)

The versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and Engineering component: Admin Apache Log4j. Supported versions that ar...

7.5CVSS6.9AI score0.00756EPSS
Exploits1References4
OSV
OSV
added 2026/01/22 3:53 p.m.4 views

SUSE-SU-2026:20132-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. - CVE-2025-68119: cmd/go: unexpected code execution when invoking...

10CVSS7.7AI score0.01945EPSS
Exploits2References14
OSV
OSV
added 2026/01/22 3:49 p.m.5 views

OPENSUSE-SU-2026:20085-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.6 released 2026-01-15 bsc1244485 Security fixes: - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821. - CVE-2025-68119: cmd/go: unexpected code execution when invoking...

10CVSS6.4AI score0.01945EPSS
Exploits2References13
OSV
OSV
added 2026/01/20 9:16 p.m.6 views

UBUNTU-CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.2AI score0.01056EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.24 views

MiracleLinux 9 : kernel-5.14.0-427.31.1.el9_4 (AXSA:2024-8705:26)

"The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8705:26 advisory. kernel: phy: CVE-2024-26600 kernel: netfilter: multiple flaws CVE-2024-26808, CVE-2024-27065, CVE-2024-35899, CVE-2024-36005 kernel: cifs:...

9.1CVSS6.1AI score0.02701EPSS
Exploits2References44
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : rh-nodejs10-nodejs-10.23.1-2.el7 (AXSA:2021-1479:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1479:01 advisory. libuv: buffer overflow in realpath CVE-2020-8252 nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS...

9.8CVSS7.9AI score0.69062EPSS
Exploits8References11
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.11 views

MiracleLinux 9 : java-11-openjdk-11.0.22.0.7-2.el9.ML.1 (AXSA:2024-7450:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7450:05 advisory. OpenJDK: array out-of-bounds access due to missing range check in C1 compiler 8314468 CVE-2024-20918 OpenJDK: RSA padding issue and timing...

7.4CVSS7.4AI score0.01026EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.7 views

MiracleLinux 8 : bogofilter-1.2.5-2.el8, evolution-data-server-3.28.5-14.el8, evolution-mapi-3.28.3-3.el8, evolution-3.28.5-14.el8, openchange-2.3-26.el8 (AXSA:2021-1388:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1388:01 advisory. evolution-data-server: Response injection via STARTTLS in SMTP and POP3 CVE-2020-14928 Tenable has extracted the preceding description block directly from th...

5.9CVSS5.6AI score0.02808EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in mbedtls

In Mbed TLS versions prior to 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uninitialized stack memory was used to construct the TLS Finished message. This could potentially lead to authentication bypasses, such as replay attacks...

5.4CVSS5.9AI score0.00274EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/01/13 9:50 a.m.21 views

kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails

A vulnerability was found in tlsdecryptsg in net/tls/tlssw.c in networking subsystem in the Linux Kernel.In this flaw, If it fails to clone of the input skb to hold the reference to the memory it uses may lead a use-after-free...

5.8AI score0.00183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 11:11 a.m.9 views

CVE-2016-10790

cPanel before 60.0.25 does not use TLS for HTTP POSTs to listinput.cpanel.net SEC-192...

7.5CVSS7AI score0.01111EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 10:44 a.m.35 views

CVE-2025-40801

A vulnerability has been identified in COMOS V10.6 All versions V10.6.1, COMOS V10.6 All versions V10.6.1, JT Bi-Directional Translator for STEP All versions, NX V2412 All versions V2412.8900 with Cloud Entitlement bundled as NX X, NX V2506 All versions V2506.6000 with Cloud Entitlement bundled a...

9.2CVSS0.00239EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.10 views

SUSE SLES15 Security Update : kernel (Live Patch 4 for SUSE Linux Enterprise 15 SP7) (SUSE-SU-2025:4311-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:4311-1 advisory. This update for the SUSE Linux Enterprise kernel 6.4.0-150700.53.16 fixes one security issue The following security issue was fixed: - CVE-2025-38616:...

7.1CVSS7.2AI score0.00178EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/11/27 10:4 a.m.6 views

Security update for the Linux Kernel (Live Patch 15 for SUSE Linux Enterprise 15 SP6)

This update for the SUSE Linux Enterprise kernel 6.4.0-150600.23.70 fixes one security issue The following security issue was fixed: CVE-2025-38616: tls: handle data disappearing from under the TLS ULP bsc1249537. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

7.4CVSS6.8AI score0.00178EPSS
Exploits0References4
OSV
OSV
added 2025/11/12 11:15 a.m.16 views

UBUNTU-CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let's use skdstget and dstdevrcu. Note that the only -ndoskgetlowerdev...

7.8CVSS6.5AI score0.00157EPSS
Exploits0References32
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-40149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tls: Use skdstget and dstdevrcu in getnetdevforsock. getnetdevforsock is called during setsockopt, so not under RCU. Using skdstgetsk-dev could trigger UAF. Let...

7.8CVSS6.5AI score0.00157EPSS
Exploits0References4
Rosalinux
Rosalinux
added 2025/10/27 6:20 a.m.40 views

Advisory ROSA-SA-2025-3042

Software: gnutls 3.6.16 OS: ROSA Virtualization 3.0 unaffected versions = gnutls-3.6.16-8.0.0.1.rv30.4 affected versions gnutls-3.6.16-8.0.1.1.rv30.4 CVE-ID: CVE-2024-12243 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in GnuTLS when processing ASN.1 data via libtasn1 could result in...

8.2CVSS7AI score0.01245EPSS
Exploits0
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.6 views

Mbed TLS 安全漏洞

Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions prior to 3.6.5 that stems from a local timing attack and a direct call to mbedtlsmpimodinv or mbedtlsmpigcd, which could lead to...

6.2CVSS5.8AI score0.00206EPSS
Exploits1References3
Rows per page
Query Builder