CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

CVE-2026-24281

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

CVE-2025-54885 Thinbus generates insufficient entropy: 252 bits vs minimum 256 bits

Thinbus Javascript Secure Remote Password is a browser SRP6a implementation for zero-knowledge password authentication. In versions 2.0.0 and below, a protocol compliance bug causes the client to generate a fixed 252 bits of entropy instead of the intended bit length of the safe prime defaulted t...

undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

Medium: openssl11

Issue Overview: openssl: Use After Free with SSLfreebuffers CVE-2024-4741 Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a...

OESA-2024-1879 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

AZL-42988 CVE-2024-5535 affecting package cloud-hypervisor-cvm for versions less than 38.0.72.2-3

Issue summary: Calling the OpenSSL API function SSLselectnextproto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or ...

undertow: Out-of-memory Error after several closed connections with wildfly-http-client protocol

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

GHSA-XH6M-7CR7-XX66 Missing permission checks on Hazelcast client protocol

Impact In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster. Patches Fix versions: 5.2.5, 5.3.5,...

Missing permission checks on Hazelcast client protocol

Impact In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster. Patches Fix versions: 5.2.5, 5.3.5,...

Undertow Uncontrolled Resource Consumption Vulnerability

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

Design/Logic Flaw

A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and...

Red Hat Undertow Resource Management Error Vulnerability

Red Hat Undertow is a Java-based embedded web server from Red Hat, Inc. and is the default web server for Wildfly Java Application Server. Red Hat Undertow suffers from a resource management error vulnerability that stems from an out-of-memory error after closing a connection multiple times using...

SUSE CVE-2019-3878

A vulnerability was found in modauthmellon before v0.14.2. If Apache is configured as a reverse proxy and modauthmellon is configured to only let through authenticated users with the require valid-user directive, adding special HTTP headers that are normally used to start the special SAML ECP...

CVE-2022-4492

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step at least it should be performed by default in https and in http/2. I would add it to any TLS client protocol...

SUSE CVE-2011-3354

The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service crash via a crafted Client-To-Client Protocol CTCP request, as demonstrated in the wild in September 2011...

SUSE-SU-2022:3791-1 Security update for libtirpc

This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed denial of service vulnerability with lots of connections bsc1201680. - Exclude ipv6 addresses in client protocol version 2 code bsc1200800...

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.

...

Security Bulletin: IBM WebSphere MQ Invalid client protocol flows could cause denial of service (CVE-2016-0379)

Summary An invalid MQ client protocol flow could cause a memory access violation on the server which could impact other channels running in the same process. Vulnerability Details CVEID: CVE-2016-0379 DESCRIPTION: IBM WebSphere MQ could allow an authenticated user with queue manager rights to cau...

CVE-2010-3443

ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service unresponsive IRC via multiple Client-To-Client Protocol CTCP requests in a PRIVMSG message...