Lucene search
K

274 matches found

Vulnrichment
Vulnrichment
added 2026/02/20 2:47 a.m.4 views

CVE-2026-27017 uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0 through 1.8.0 contain a fingerprint mismatch with Chrome when using GREASE ECH, related to cipher suite selection. When Chrome selects the preferred...

2.3CVSS5.5AI score0.00154EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/18 10:33 p.m.5 views

Use of a Cryptographic Primitive with a Risky Implementation

Overview Affected versions of this package are vulnerable to Use of a Cryptographic Primitive with a Risky Implementation in the HelloChrome120, HelloChrome120PQ, HelloChrome131 and HelloChrome133 symbols due to inconsistent ciphersuite selection between the outer ClientHello and ECH for GREASE...

5.3CVSS5.6AI score0.00154EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

GnuTLS 安全漏洞

GnuTLS is an open-source, free security communication library developed by GnuTLS that enables the implementation of SSL, TLS, and DTLS protocols. There is a security vulnerability in gnutls. This vulnerability stems from the possibility of remote, unverified attackers sending specially crafted...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/29 9:19 p.m.3 views

CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

5.3CVSS5.9AI score0.00257EPSS
Exploits1References2
OSV
OSV
added 2026/01/29 9:19 p.m.5 views

CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

5.3CVSS5.9AI score0.00257EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/29 9:19 p.m.37 views

CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

5.3CVSS0.00257EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

MiracleLinux 4 : openssl-1.0.0-10.AXS4 (AXSA:2011-715:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-715:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries which...

5CVSS8AI score0.09854EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-7242

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists related to pre-shared key PSK binder verification during Transport Layer Security TLS 1.3 resumption attempts. The issue is triggered when an invalid PSK binder value is present in the...

7.5CVSS7.1AI score0.01382EPSS
Exploits1References21
Microsoft CVE
Microsoft CVE
added 2025/11/25 1:2 a.m.11 views

Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello

...

6.3CVSS7AI score0.004EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/22 10:31 p.m.4 views

CVE-2025-11933

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

6.5CVSS6.9AI score0.00394EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/22 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2025-11933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to...

6.5CVSS5.9AI score0.00394EPSS
Exploits0References3
NVD
NVD
added 2025/11/21 11:15 p.m.5 views

CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3CVSS0.004EPSS
Exploits0References2
OSV
OSV
added 2025/11/21 11:15 p.m.5 views

CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

5.3CVSS6.5AI score
Exploits0References2
OSV
OSV
added 2025/11/21 11:15 p.m.3 views

DEBIAN-CVE-2025-11933

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

6.5CVSS5.4AI score0.00394EPSS
Exploits0References1
OSV
OSV
added 2025/11/21 11:15 p.m.4 views

UBUNTU-CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3CVSS5.8AI score0.004EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2025/11/21 10:24 p.m.5 views

CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3CVSS5.3AI score0.004EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2025/11/21 10:24 p.m.6 views

CVE-2025-11936

Improper input validation in the TLS 1.3 KeyShareEntry parsing in wolfSSL v5.8.2 on multiple platforms allows a remote unauthenticated attacker to cause a denial-of-service by sending a crafted ClientHello message containing duplicate KeyShareEntry values for the same supported group, leading to...

6.3CVSS6.9AI score0.004EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/11/21 10:19 p.m.3 views

CVE-2025-11933 DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension

Improper Input Validation in the TLS 1.3 CKS extension parsing in wolfSSL 5.8.2 and earlier on multiple platforms allows a remote unauthenticated attacker to potentially cause a denial-of-service via a crafted ClientHello message with duplicate CKS extensions...

2.3CVSS6.5AI score0.00394EPSS
Exploits0References2
CVE
CVE
added 2025/11/21 10:19 p.m.576 views

CVE-2025-11933

CVE-2025-11933 describes an issue in wolfSSL up to version 5.8.2 where improper input validation in the TLS 1.3 CKS extension parsing can allow a remote unauthenticated attacker to cause a denial‑of‑service with a crafted ClientHello containing duplicate CKS extensions. Affected software is wolfS...

6.5CVSS6.5AI score0.00394EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/11/21 3:59 p.m.3 views

JLSEC-2025-218 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information...

9.1CVSS6.9AI score0.01831EPSS
Exploits1References6
Rows per page
Query Builder