Lucene search
K

18 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-55962

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and...

6.5CVSS5.9AI score0.00143EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 12:32 a.m.4 views

EUVD-2026-39575

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS5.8AI score0.00143EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.7 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS0.00143EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:17 p.m.5 views

DEBIAN-CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:17 p.m.3 views

UBUNTU-CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 9:12 p.m.25 views

CVE-2026-55962 TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS0.00143EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 9:12 p.m.20 views

CVE-2026-55962

CVE-2026-55962 (WolfSSL) : TLS 1.3 post-handshake authentication could allow a server to accept a client’s Finished message without a Certificate and CertificateVerify if a post-handshake CertificateRequest was outstanding. The fix scopes the check to the initial handshake: after certReqCtx is se...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 9:12 p.m.5 views

CVE-2026-55962

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS5.8AI score0.00143EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52599

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A TLS 1.3 post-handshake authentication PHA issue exists where a server may accept a client's Finished message even if the client has not provided a Certificate and CertificateVerify. This...

6.5CVSS5.8AI score0.00143EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-0181

Malware in sbrugna...

7.8CVSS6.4AI score0.07045EPSS
Exploits0References21
OSV
OSV
added 2025/08/08 9:11 a.m.1 views

SUSE-SU-2025:02740-1 Security update for tgt

This update for tgt fixes the following issues: - CVE-2024-45751: Fixed CHAP authentication bypass in user-space Linux target framework bsc1230360...

5.9CVSS6.8AI score0.00547EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/02 12:0 a.m.7 views

PT-2023-5869 · Qualcomm · Qualcomm Data Modem

Name of the Vulnerable Software and Affected Versions: Qualcomm Data Modem affected versions not specified Description: The issue is related to a cryptographic problem in the Data Modem due to improper authentication during the TLS handshake. This can allow a remote attacker to gain read, modify,...

9.1CVSS7AI score0.0043EPSS
Exploits0References9
Oracle linux
Oracle linux
added 2019/11/14 12:0 a.m.84 views

python3 security and bug fix update

3.6.8-15.1.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8-15.1 - Patch 329 FIPS modified: Added workaround for modssl: Skip error checking in Pyhashlibfipserror Resolves: rhbz1760106 3.6.8-15 - Patch 329 that adds support for OpenSSL FIPS mode has been improved and...

9.8CVSS8.5AI score0.20743EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2019/07/30 7:50 p.m.174 views

Moderate: Red Hat Security Advisory: nss and nspr security, bug fix, and enhancement update

An update for nss and nspr is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

7.5CVSS6.7AI score0.02794EPSS
Exploits1References17
RedHat Linux
RedHat Linux
added 2019/05/07 4:19 a.m.6 views

httpd: mod_ssl: access control bypass when using per-location client certification authentication

A flaw was found in Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38. A bug in modssl, when using per-location client certificate verification with TLSv1.3, allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. An attacker could perform vario...

7.5CVSS7.1AI score0.10508EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2019/04/08 12:0 a.m.162 views

Apache HTTP Server < 2.4.39 mod_ssl Access Control Bypass Vulnerability - Linux

In Apache HTTP Server a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpte...

7.5CVSS7.6AI score0.10508EPSS
Exploits0References1
Apache Httpd
Apache Httpd
added 2019/01/23 12:0 a.m.93 views

Apache Httpd < 2.4.39 : mod_ssl access control bypass

In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in modssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions...

7.5CVSS1.7AI score0.10508EPSS
Exploits0Affected Software1
myhack58
myhack58
added 2009/03/19 12:0 a.m.37 views

To decrypt WPA/WPA2 encrypted high-speed crack of the truth-vulnerability warning-the black bar safety net

For wireless WPA encryption environment, in access to the WPA Handshake Authentication package, the attacker will through brute force mode for WPA password cracking, but also by the prior establishment of a targeted dictionary, then dictionary crackattack. For most wireless access point AP, this...

7AI score
Exploits0
Rows per page
Query Builder