Lucene search
K

6 matches found

Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.10 views

PT-2026-24613

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...

7.4CVSS5.8AI score0.00633EPSS
Exploits0References4
OSV
OSV
added 2025/11/06 12:58 p.m.5 views

BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.5AI score0.00443EPSS
Exploits0References6
OSV
OSV
added 2025/10/29 10:10 p.m.9 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.7AI score0.00443EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2024/10/09 12:0 a.m.26 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-2562)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.5AI score0.05582EPSS
Exploits1References2
OSV
OSV
added 2024/09/03 3:10 p.m.12 views

SUSE-SU-2024:3119-1 Security update for openssl-1_0_0

This update for openssl-100 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSLselectnextproto with an empty supported client protocols buffer bsc1227138, bsc1227227...

9.1CVSS8AI score0.05582EPSS
Exploits1References4
OSV
OSV
added 2024/07/31 3:46 p.m.4 views

USN-6937-1 openssl vulnerabilities

It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when certain non-default TLS server configurations were in use. A remote attacker could possibly use this issue to cause OpenSSL to consume resources, leading to a denial of service. CVE-2024-2511 It was discovered that OpenSSL...

9.1CVSS6.9AI score0.54026EPSS
Exploits1References5
Rows per page
Query Builder