Lucene search
K

25569 matches found

OSV
OSV
added 2026/01/28 8:16 p.m.7 views

AZL-75648 CVE-2025-61730 affecting package msft-golang for versions less than 1.24.12-1

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS6.6AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 8:16 p.m.4 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS5.3AI score
Exploits0References4
OSV
OSV
added 2026/01/28 8:16 p.m.6 views

UBUNTU-CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS7.1AI score0.00276EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/28 8:16 p.m.5 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS6.8AI score0.00276EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 7:30 p.m.31 views

CVE-2025-61730 Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

0.00276EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/01/28 7:30 p.m.6 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS7.3AI score0.00276EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/01/28 7:30 p.m.5 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS8.1AI score0.00276EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/28 7:30 p.m.4 views

CVE-2025-61730 Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.8AI score0.00276EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 7:30 p.m.6 views

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.8AI score0.00276EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/01/28 7:30 p.m.32 views

CVE-2025-61730

CVE-2025-61730: TLS handshake messages may be processed at the wrong encryption level, potentially allowing information disclosure if an attacker can inject handshake messages. The connected advisories link this to crypto/tls in affected Amazon Linux 2 components (e.g., docker, containerd, ecs ru...

5.3CVSS7.3AI score0.00276EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/28 7:8 p.m.4 views

GO-2026-4340 Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries for instance the Client Hello and Encrypted Extensions messages, the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...

5.3CVSS5.8AI score0.00276EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/28 7:8 p.m.5 views

Incorrect Behavior Order: Early Validation

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Incorrect Behavior Order: Early Validation. Go Vulnerability Report: During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level...

5.3CVSS7.2AI score0.00276EPSS
Exploits0References3
OSV
OSV
added 2026/01/28 6:16 p.m.6 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.8AI score0.00186EPSS
Exploits0References4
NVD
NVD
added 2026/01/28 6:16 p.m.9 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS0.00186EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/28 5:47 p.m.6 views

CVE-2025-57796

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/28 5:47 p.m.8 views

CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

5.9AI score0.00186EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 5:47 p.m.12 views

CVE-2025-57796

CVE-2025-57796 concerns Explorance Blue versions prior to 8.14.12 that use reversible symmetric encryption with a hardcoded static key to protect sensitive data (including user passwords and system configurations). The design allows offline decryption if encrypted data are obtained, representing ...

6.8CVSS5.9AI score0.00186EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/28 5:47 p.m.30 views

CVE-2025-57796 Use of a hardcoded static key to protect sensitive data in Explorance Blue

Explorance Blue versions prior to 8.14.12 use reversible symmetric encryption with a hardcoded static key to protect sensitive data, including user passwords and system configurations. This approach allows stored values to be decrypted offline if the encrypted data are obtained...

0.00186EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/01/28 5:17 p.m.4 views

openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing

A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax CMS message with an oversized Initialization Vector IV when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated...

8.8CVSS6.3AI score0.47621EPSS
Exploits7References4
NVD
NVD
added 2026/01/28 11:15 a.m.6 views

CVE-2025-41351

Vulnerability that allows a Padding Oracle Attack to be performed on the Funambol v30.0.0.20 cloud server. The thumbnail display URL allows an attacker to decrypt and encrypt the parameters used by the application to generate ‘self-signed’ access URLs...

6CVSS0.00194EPSS
Exploits0References1
Rows per page
Query Builder