Lucene search
+L

206 matches found

cve
cve
added 2026/05/11 5:52 a.m.29 views

CVE-2026-1677

CVE-2026-1677 concerns Zephyr: sockets created with IPPROTO_TLS_1_3 may still negotiate TLS 1.2 when both TLS versions are enabled, because socket‑level protocol selection isn’t propagated to mbedTLS (e.g., via mbedtls_ssl_conf_min_tls_version). The ClientHello can advertise both TLS 1.2 and TLS ...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References1Affected Software1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.25 views

PT-2026-39574

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References2
susecve
susecve
added 2026/02/21 12:23 a.m.6 views

SUSE CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3CVSS5.7AI score0.00154EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2026/02/20 3:16 a.m.5 views

CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3CVSS5.8AI score0.00154EPSS
Exploits0References2
osv
osv
added 2026/02/20 3:16 a.m.6 views

UBUNTU-CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

5.3CVSS5.8AI score0.00154EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/20 2:47 a.m.4 views

CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

2.3CVSS5.5AI score0.00154EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/20 2:47 a.m.3 views

CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

2.3CVSS5.5AI score0.00154EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/02/20 2:47 a.m.27 views

CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

2.3CVSS0.00154EPSS
Exploits0References1
cve
cve
added 2026/02/20 2:47 a.m.24 views

CVE-2026-27017

CVE-2026-27017 affects the uTLS fork of crypto/tls ( Versions 1.6.0–1.8.0 ) with GREASE ECH, causing a fingerprint mismatch with Chrome due to inconsistent cipher-suite selection between the outer ClientHello and ECH. Specifically, uTLS hardcodes AES for the outer cipher suite while randomly sele...

5.3CVSS5.5AI score0.00154EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/02/20 2:47 a.m.10 views

CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

2.3CVSS5.4AI score0.00154EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.9 views

PT-2026-20995

Name of the Vulnerable Software and Affected Versions uTLS versions 1.6.0 through 1.8.0 Description uTLS is a customized version of crypto/tls designed for fingerprinting resistance during the handshake process. Versions 1.6.0 through 1.8.0 exhibit a fingerprint mismatch with Chrome when utilizin...

9.8CVSS5.2AI score0.34346EPSS
Exploits9References123
nessus
nessus
added 2025/10/24 12:0 a.m.3 views

EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2259)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...

8.2CVSS6.7AI score0.0072EPSS
Exploits0References3
nessus
nessus
added 2025/10/24 12:0 a.m.2 views

EulerOS 2.0 SP13 : gnutls (EulerOS-SA-2025-2291)

According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A heap-buffer-overflow off-by-one flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads...

8.2CVSS6.7AI score0.0072EPSS
Exploits0References3
nvd
nvd
added 2025/10/15 11:15 a.m.7 views

CVE-2025-55081

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

9.1CVSS0.00345EPSS
Exploits0References1
euvd
euvd
added 2025/10/15 10:46 a.m.6 views

EUVD-2025-34608

In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the nxsecuretlsprocessclienthello function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...

6.9CVSS6.3AI score0.00345EPSS
Exploits0References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5366

Malware in sbrugna...

10CVSS9.2AI score0.00902EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.9 views

EUVD-2014-5973

Malware in sbrugna...

5CVSS6.4AI score0.01369EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-4285

Malware in sbrugna...

5.8CVSS6.1AI score0.04044EPSS
Exploits0References11
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18400

Malware in sbrugna...

5.3CVSS5.5AI score0.00415EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-2977

Malware in sbrugna...

10CVSS6.4AI score0.02774EPSS
Exploits0References3
Rows per page
Query Builder