Lucene search
K

226 matches found

OSV
OSV
added 2025/07/10 4:15 p.m.7 views

AZL-65193 CVE-2025-6395 affecting package gnutls for versions less than 3.8.3-6

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

6.5CVSS6.9AI score0.00619EPSS
Exploits0References1
OSV
OSV
added 2025/07/10 4:15 p.m.4 views

AZL-65154 CVE-2025-6395 affecting package gnutls for versions less than 3.7.11-4

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

6.5CVSS6.9AI score0.00619EPSS
Exploits0References1
OSV
OSV
added 2025/07/10 4:15 p.m.2 views

DEBIAN-CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

6.5CVSS6.1AI score0.00619EPSS
Exploits0References1
OSV
OSV
added 2025/07/10 4:15 p.m.3 views

UBUNTU-CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

6.5CVSS6.7AI score0.00619EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2025/07/10 3:20 p.m.4 views

CVE-2025-6395

A NULL pointer dereference flaw was found in the GnuTLS software in gnutlsfigurecommonciphersuite...

6.5CVSS6.5AI score0.00619EPSS
Exploits0References13
Snyk
Snyk
added 2025/07/10 7:56 a.m.3 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the gnutlsfigurecommonciphersuite function. Remediation A fix was pushed into the master branch but not yet published. References - Fix Commit - PoC - Red Hat Bugzilla Bug - Release Notes Credit: Stefan Bühl...

8.3CVSS6.9AI score0.00619EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 1:16 a.m.6 views

CVE-2022-29242

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite TLSGOSTR341112256WITHKUZNYECHIKCTROMAC is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1...

7.5CVSS7AI score0.01563EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-29242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite...

7.5CVSS7.7AI score0.01563EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/12/07 12:0 a.m.4 views

CVE-2024-5814

...

5.3CVSS5.9AI score0.00466EPSS
Exploits0
OSV
OSV
added 2024/08/27 7:15 p.m.18 views

CVE-2024-5814

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.3CVSS6.5AI score
Exploits0References1
NVD
NVD
added 2024/08/27 7:15 p.m.14 views

CVE-2024-5814

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.3CVSS0.00466EPSS
Exploits0References1
OSV
OSV
added 2024/08/27 7:15 p.m.4 views

UBUNTU-CVE-2024-5814

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.3CVSS5.8AI score0.00466EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/08/27 7:15 p.m.16 views

CVE-2024-5814

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.3CVSS5.9AI score0.00466EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/27 6:38 p.m.19 views

CVE-2024-5814 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.1CVSS6.4AI score0.00466EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/27 6:38 p.m.23 views

CVE-2024-5814 Unverifed Ciphersuite used on a client-side TLS1.3 Downgrade

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.1CVSS0.00466EPSS
Exploits0References1
CVE
CVE
added 2024/08/27 6:38 p.m.64 views

CVE-2024-5814

CVE-2024-5814 is confirmed in the NVD entry and echoed by other connected advisories describing a downgrade flaw where a malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a cipher-suite it did not agree to, due to the client skipping full parsing of the ServerHell...

5.3CVSS6.8AI score0.00466EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2024/08/27 6:38 p.m.12 views

CVE-2024-5814

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.3CVSS5.3AI score0.00466EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/08/27 6:38 p.m.12 views

CVE-2024-5814

A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello...

5.3CVSS6.9AI score0.00466EPSS
Exploits0References1
OSV
OSV
added 2024/06/05 3:10 p.m.12 views

GO-2024-2850 NATS server TLS missing ciphersuite settings when CLI flags used in github.com/nats-io/nats-server

NATS server TLS missing ciphersuite settings when CLI flags used in github.com/nats-io/nats-server...

6.5AI score0.00348EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.26 views

RHEL 3 : openssl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: SGC restart DoS attack CVE-2011-4619 - openssl: CMS and PKCS7 Bleichenbacher attack CVE-2012-088...

9.1CVSS8.3AI score0.16645EPSS
Exploits1References6
Rows per page
Query Builder