224 matches found
CVE-2026-1677 net: TLS 1.2 connections allowed on TLS 1.3 sockets
Zephyr sockets created with IPPROTO_TLS_1_3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls_ssl_conf_min_tls_version. The ClientHello advertises both versions and the peer can...
GHSA-7M29-F4HW-G2VX uTLS has a fingerprint vulnerability from GREASE ECH mismatch for Chrome parrots
There is a fingerprint mismatch with Chrome when using GREASE ECH, having to do with ciphersuite selection. When Chrome selects the preferred ciphersuite in the outer ClientHello and the ciphersuite for ECH, it does so consistently based on hardware support. That means, for example, if it prefers...
Use of a Cryptographic Primitive with a Risky Implementation
Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the HelloChrome120, HelloChrome120PQ, HelloChrome131 and HelloChrome133 symbols due to inconsistent ciphersuite selection between the outer ClientHello and ECH for GREASE...
CLSA-2025-1762192914 gnutls: Fix of CVE-2025-6395
CVE-2025-6395: fix NULL pointer dereference flaw in _gnutls_figure_common_ciphersuite...
CLSA-2025-1762192315 gnutls: Fix of CVE-2025-6395
CVE-2025-6395: fix NULL pointer dereference flaw in _gnutls_figure_common_ciphersuite...
CLSA-2025-1761844351 gnutls: Fix of CVE-2025-6395
CVE-2025-6395: fix NULL pointer dereference in _gnutls_figure_common_ciphersuite...
CVE-2025-55081
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...
CVE-2025-55081
CVE-2025-55081 affects Eclipse Foundation NextX Duo (ThreadX module) prior to version 6.4.4. The vulnerability is in the _nx_secure_tls_process_clienthello() function, which omits length verification for certain SSL/TLS client_hello fields (ciphersuite length and compression method length). Attac...
CVE-2025-55081 Potential out of bound read in _nx_secure_tls_process_clienthello()
In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and compression method length. In case of an attacker-crafted message with values outside o...
gnutls security, bug fix, and enhancement update
An update is available for gnutls. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library,...
gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite()
A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite...
EUVD-2016-1674
Malware in sbrugna...
EUVD-2018-1321
Malware in sbrugna...
EUVD-2011-3174
Malware in sbrugna...
Moderate: gnutls security, bug fix, and enhancement update
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990); gnutls: Vulnerability in GnuTLS otherName SAN...
EUVD-2014-5037
Malicious code in bioql PyPI...
EUVD-2022-2698
Malicious code in bioql PyPI...
EUVD-2022-33599
Malicious code in bioql PyPI...
EUVD-2024-46962
Malicious code in bioql PyPI...
Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
...