25 matches found

OSV
•added 2026/04/17 6:31 a.m.•3 views

GHSA-8R5M-3F66-QPR3 HashiCorp Vault has Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

CVSS 5.3 | AI score 5.7 | EPSS 0.00332
Exploits: 0 | References: 3

NVD
•added 2026/04/17 4:16 a.m.•28 views

CVE-2026-5052

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

CVSS 8.6 | EPSS 0.00332
Exploits: 0 | References: 1

CVE
•added 2026/04/17 2:55 a.m.•250 views

CVE-2026-5052

Vault’s PKI engine ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges, creating potential SSRF and information disclosure against internal targets. The issue affects Vault Community Edition up to 2.0.0 and Vault Enterprise up to 2.0.0, as well as 1.21.5, ...

CVSS 8.6 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
•added 2026/04/17 2:55 a.m.•4 views

CVE-2026-5052 Vault Vulnerable to Server-Side Request Forgery in ACME Challenge Validation via Attacker-Controlled DNS

Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0,...

CVSS 5.3 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 1

Tenable Nessus
•added 2026/04/05 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-31931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the tls.alpn rule keyword can cause Suricata to crash with a...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits: 0 | References: 2

SUSE CVE
•added 2026/04/03 11:25 p.m.•2 views

SUSE CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

CVSS 7.5 | AI score 5.7 | EPSS 0.00351
Exploits: 0 | References: 3

RedhatCVE
•added 2026/04/02 4:43 p.m.•3 views

CVE-2026-31931

A flaw was found in Suricata, a network Intrusion Detection System (IDS), Intrusion Prevention System (IPS), and Network Security Monitoring (NSM) engine. An attacker could trigger a null dereference by using the "tls.alpn" rule keyword, causing the Suricata engine to crash. This vulnerability leads to...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits: 0 | References: 5

NVD
•added 2026/04/02 2:16 p.m.•8 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

CVSS 7.5 | EPSS 0.00351
Exploits: 0 | References: 2

Cvelist
•added 2026/04/02 2:1 p.m.•16 views

CVE-2026-31931 Suricata tls: null dereference in tls.alpn rule keyword

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

CVSS 7.5 | EPSS 0.00351
Exploits: 0 | References: 2

EUVD
•added 2026/04/02 2:1 p.m.•15 views

EUVD-2026-18237

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits: 0 | References: 2

CVE
•added 2026/04/02 2:1 p.m.•39 views

CVE-2026-31931

CVE-2026-31931 affects Suricata (network IDS/IPS/NSM). From version 8.0.0 up to but not including 8.0.4, using the tls.alpn rule keyword can cause a NULL dereference, potentially crashing the process. The issue has been patched in version 8.0.4. Environment impact is primarily availability (A), ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
•added 2026/04/02 2:1 p.m.•2 views

CVE-2026-31931

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, use of the "tls.alpn" rule keyword can cause Suricata to crash with a NULL dereference. This issue has been patched in version 8.0.4...

CVSS 7.5 | AI score 5.8 | EPSS 0.00351
Exploits: 0 | References: 2

Tenable Nessus
•added 2026/04/02 12:0 a.m.•4 views

Suricata 8.x < 8.0.4 NULL Pointer Dereference

The version of OISF Suricata installed on the remote host is 8.x prior to 8.0.4. It is, therefore, affected by a vulnerability: - Use of the 'tls.alpn' rule keyword can cause Suricata to crash with a NULL dereference. CVE-2026-31931 Note that Nessus has not tested for this issue but has instead...

CVSS 7.5 | AI score 6 | EPSS 0.00351
Exploits: 0 | References: 2

OSV
•added 2026/01/17 2:48 a.m.•3 views

MGASA-2026-0009 Updated nodejs packages fix security vulnerabilities

Node.js HTTP/2 server crashes with unhandled error when receiving malformed HEADERS frame. CVE-2025-59465 Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers. CVE-2025-59466 Bypass File System Permissions using crafted...

CVSS 9.1 | AI score 6.7 | EPSS 0.01056
Exploits: 2 | References: 4

RedhatCVE
•added 2026/01/16 9:5 a.m.•3 views

CVE-2026-22045

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the ACME TLS-ALPN fast path, where unauthenticated clients can exploit it. By initiating numerous connections and sending a minimal ClientHello with "acme-tls/1" before ceasing communication, a...

CVSS 7.5 | AI score 6.1 | EPSS 0.00321
Exploits: 0 | References: 7

NVD
•added 2026/01/15 11:15 p.m.•5 views

CVE-2026-22045

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the...

CVSS 7.5 | EPSS 0.00321
Exploits: 0 | References: 4

GitHub Security Blog
•added 2026/01/15 10:58 p.m.•8 views

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Impact There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many...

CVSS 7.5 | AI score 7 | EPSS 0.00321
Exploits: 0 | References: 6 | Affected Software: 2

CVE
•added 2026/01/15 10:44 p.m.•26 views

CVE-2026-22045

Summary: CVE-2026-22045 affects Traefik’s ACME TLS-ALPN fast path. When ACME TLS challenge is enabled, an unauthenticated client can open many connections and stall the ClientHello with acme-tls/1, causing goroutines and file descriptors to be tied up indefinitely and leading to DoS at the entryp...

CVSS 7.5 | AI score 6.3 | EPSS 0.00321
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
•added 2026/01/15 10:44 p.m.•19 views

CVE-2026-22045 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the...

CVSS 5.9 | EPSS 0.00321
Exploits: 0 | References: 4

OSV
•added 2026/01/15 10:44 p.m.•4 views

CVE-2026-22045 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the...

CVSS 5.9 | AI score 6.7 | EPSS 0.00321
Exploits: 0 | References: 6