DEBIAN-CVE-2025-65501

Null pointer dereference in coapdtlsinfocallback in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSLgetappdata returns NULL...

DEBIAN-CVE-2025-65496

NULL pointer dereference in coapdtlsgeneratecookie in src/coapopenssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSLgetSSLCTX to return NULL...

PT-2025-47912

NULL pointer dereference in coap dtls generate cookie in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL get SSL CTX to return NULL...

PT-2025-47911

NULL pointer dereference in coap dtls generate cookie in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL get SSL CTX to return NULL...

PT-2025-47914

NULL pointer dereference in coap dtls generate cookie in src/coap openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL get SSL CTX to return NULL...

CVE-2025-65498

CVE-2025-65498 affects libcoap (core library) with a NULL pointer dereference in coap_dtls_generate_cookie() (src/coap_openssl.c) of libcoap 4.3.5, allowing remote attackers to cause a denial of service during a crafted DTLS handshake when SSL_get_SSL_CTX() returns NULL. Public references list li...

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

EUVD-2025-37477

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

CVE-2025-48397

The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS 7.3.0.SCP004...

CVE-2025-48397

The CVE-2025-48397 issue affects Eaton Brightlayer Software Suite (BLSS). A privileged user could log in without sufficient credentials after enabling an application protocol. This vulnerability is fixed in the latest script patch, BLSS version 7.3.0.SCP004. Remediation is to upgrade to 7.3.0.SCP...

PT-2025-44758

Name of the Vulnerable Software and Affected Versions Eaton BLSS versions prior to 7.3.0.SCP004 Description A privileged user could log in without sufficient credentials after enabling an application protocol. Recommendations Update to version 7.3.0.SCP004 or later...

Eaton Brightlayer Software Suite 安全漏洞

Eaton Brightlayer Software Suite is a digital infrastructure management software suite from Eaton Corporation USA. A security vulnerability exists in Eaton Brightlayer Software Suite version 7.3.0.SCP004, which originates from a privileged user being able to log in without sufficient credentials...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

CVE-2025-58189

CVE-2025-58189 : IBM bulletin details this vulnerability: when Conn.Handshake fails during ALPN negotiation, the error may include attacker-controlled data (the client-sent ALPN protocols) and is not escaped. This can reveal sensitive info in logs. CVSS v3.1 base score 5.3 (Network, Low/None impa...

Improper Encoding or Escaping of Output

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report:When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information the AL...