206 matches found
CVE-2026-1677
CVE-2026-1677 concerns Zephyr: sockets created with IPPROTO_TLS_1_3 may still negotiate TLS 1.2 when both TLS versions are enabled, because socket‑level protocol selection isn’t propagated to mbedTLS (e.g., via mbedtls_ssl_conf_min_tls_version). The ClientHello can advertise both TLS 1.2 and TLS ...
PT-2026-39574
Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...
SUSE CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
UBUNTU-CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-27017
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
CVE-2026-27017
CVE-2026-27017 affects the uTLS fork of crypto/tls ( Versions 1.6.0–1.8.0 ) with GREASE ECH, causing a fingerprint mismatch with Chrome due to inconsistent cipher-suite selection between the outer ClientHello and ECH. Specifically, uTLS hardcodes AES for the outer cipher suite while randomly sele...
CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch
uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...
PT-2026-20995
Name of the Vulnerable Software and Affected Versions uTLS versions 1.6.0 through 1.8.0 Description uTLS is a customized version of crypto/tls designed for fingerprinting resistance during the handshake process. Versions 1.6.0 through 1.8.0 exhibit a fingerprint mismatch with Chrome when utilizin...
EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2291)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...
EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2259)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...
CVE-2025-55081
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...
EUVD-2025-34608
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...
EUVD-2014-0658
Malware in sbrugna...
EUVD-2019-5366
Malware in sbrugna...
EUVD-2014-0878
Malware in sbrugna...
EUVD-2011-4285
Malware in sbrugna...
EUVD-2018-18400
Malware in sbrugna...