Lucene search
K

3598 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday2 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.8AI score0.00765EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 2 days ago6 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.6CVSS5.8AI score0.00685EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 days ago4 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00312EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2 days ago4 views

net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS

A flaw was found in the Ruby net-imap library. When upgrading a cleartext IMAP connection to TLS using the Net::IMAPstarttls method, the library improperly handles certain responses received during STARTTLS negotiation. A man-in-the-middle MITM attacker can inject a predicted tagged OK response...

7.6CVSS5.7AI score0.00312EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-55962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-12245

A flaw was found in NSD. When NSD is configured with DNS over TLS DoT, a remote attacker can exploit a vulnerability by performing a TLS action and then prematurely closing the connection. This action causes the server process to crash and restart. By repeatedly exploiting this flaw, an attacker...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-12490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a provide-xfr is given with a tls-auth-name, a secondary requesting a transfer should provide a client certificate with that name. However, no client...

8.2CVSS5.8AI score0.00139EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-48930

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6AI score0.00405EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-48618

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS6.9AI score0.00674EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-47778 Envoy: Embedded NUL in TLS DNS SAN Truncation in the Default TLS Certificate Validator. (Auth Bypass)

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a structural flaw was identified in DefaultCertValidator::verifySubjectAltName where the extracted DNS SAN string is cast to a C-style string using .cstr before bei...

4.4CVSS0.00212EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 6 days ago7 views

CVE-2026-52974

A flaw was found in the Linux kernel's network Transport Layer Security TLS module. Specifically, a memory leak occurs during the setup of receive offload when a particular function fails. This issue can lead to the gradual consumption of system memory. If exploited repeatedly, this could result ...

7.5CVSS5.8AI score0.00506EPSS
Exploits0References4
Rockylinux
Rockylinux
added 6 days ago6 views

buildah security update

An update is available for buildah. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container...

9.1CVSS6.8AI score0.00728EPSS
Exploits0
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-39627

The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...

7.5CVSS5.8AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

ALPINE-CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.3CVSS6.1AI score0.00258EPSS
Exploits0References1
Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.5AI score0.00405EPSS
Exploits0
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39575

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS5.8AI score0.00143EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References7
NVD
NVD
added last week7 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS0.00143EPSS
Exploits0References2
Rows per page
Query Builder