Lucene search
K

535 matches found

Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42202

Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0 Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage EKU extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...

7.4CVSS5.2AI score0.00225EPSS
Exploits1References2
Veracode
Veracode
added 2026/05/03 4:52 p.m.12 views

Improper Certificate Validation

Caddy is vulnerable to Improper Certificate Validation. The vulnerability is due to swallowed errors in ClientAuthentication.provision, where failures loading trustedcacertfile or trustedcacertspemfiles are ignored, causing mTLS authentication to fail open and accept any client certificate signed...

9.3CVSS5.8AI score0.00267EPSS
Exploits1References6Affected Software2
EUVD
EUVD
added 2026/04/30 7:36 p.m.5 views

EUVD-2026-26413

CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service...

2.3CVSS6AI score0.00287EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 7:36 p.m.41 views

CVE-2026-33446 Buffer overflow in client authentication prior to version 14.50

CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service...

2.3CVSS0.00287EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.10 views

PT-2026-36168

Name of the Vulnerable Software and Affected Versions Secure Access client versions prior to 14.50 Description A buffer overflow exists in the authentication sub-system. Attackers controlling a modified server can send a specially crafted packet to overwrite a small portion of memory, which may...

9.8CVSS6AI score0.00287EPSS
Exploits0References6
OSV
OSV
added 2026/04/27 3:30 p.m.6 views

GHSA-J2Q8-XX3Q-8FQH Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.7AI score0.00286EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/27 3:30 p.m.9 views

Apache Storm's Improper Handling of TLS Client Authentication Failure Leads to Anonymous Principal Assignment

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.7AI score0.00286EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 1:10 p.m.2 views

CVE-2026-41081 Apache Storm Client: Anonymous principal assigned on TLS client certificate verification failure

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

5.1AI score0.00286EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/27 1:10 p.m.8 views

EUVD-2026-25848

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.1AI score0.00286EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/27 1:10 p.m.3 views

CVE-2026-41081

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.1AI score0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 1:10 p.m.37 views

CVE-2026-41081

CVE-2026-41081 : In Apache Storm, TLS transport with default config (client certs not required) can assign a fallback principal CN=ANONYMOUS when a client certificate is missing or verification fails, because SSLPeerUnverifiedException is caught and connection is not rejected. This “fail-open” ca...

6.5CVSS5.1AI score0.00286EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.9 views

PT-2026-35414

Improper Handling of TLS Client Authentication Failure Leading to Anonymous Principal Assignment in Apache Storm Versions Affected: up to 2.8.7 Description: When TLS transport is enabled in Apache Storm without requiring client certificate authentication the default configuration, the...

6.5CVSS5.1AI score0.00286EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 11:18 a.m.4 views

OPENSUSE-SU-2026:20528-1 Security update for Botan

This update for Botan fixes the following issues: - CVE-2026-34582: Fixed a client authentication bypass in TLS 1.3 implementation bsc1261880...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References2
NVD
NVD
added 2026/04/14 3:16 a.m.7 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS0.00739EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:49 a.m.5 views

CVE-2026-6264

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS6.4AI score0.00739EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/04/14 1:49 a.m.30 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS0.00739EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/14 1:49 a.m.4 views

CVE-2026-6264 Critical Security fix for the Talend JobServer and Talend Runtime

A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talend JobServer. The vulnerability can be mitigated for the Talend JobServer by requiring TLS client...

9.8CVSS6.4AI score0.00739EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32590

Name of the Vulnerable Software and Affected Versions Talend JobServer affected versions not specified Talend Runtime versions prior to R2024-07-RT Description Unauthenticated remote code execution is possible via the JMX monitoring port. Recommendations Require TLS client authentication for the...

9.8CVSS6.4AI score0.00739EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/10 7:7 a.m.8 views

CVE-2026-29145

A flaw was found in Apache Tomcat and Apache Tomcat Native. When CLIENTCERT authentication is configured with "soft fail" disabled, the authentication process may not correctly fail in certain scenarios. This vulnerability could allow an attacker to bypass expected client certificate...

9.1CVSS5.9AI score0.00715EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/04/08 9:24 a.m.3 views

CVE-2026-34582

A flaw was found in Botan, a C++ cryptography library. The TLS 1.3 implementation in Botan allows application data to be processed before the TLS handshake is fully completed. A remote attacker can exploit this by omitting critical client authentication messages, such as the Certificate,...

9.1CVSS5.9AI score0.00233EPSS
Exploits0References4
Rows per page
Query Builder