Lucene search
K

77 matches found

Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.14 views

PT-2026-55875

Name of the Vulnerable Software and Affected Versions PHP version 8.2 Description A failure to establish a TLS handshake the process where a client and server authenticate each other and establish encryption keys with a remote server can lead to a Denial of Service DoS condition. Recommendations ...

6.1AI score
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53181

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53181

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...

5.8AI score0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:38 a.m.18 views

CVE-2026-53181

CVE-2026-53181 affects the Linux kernel vsock/vmci stack. On failing handshake, vmci_transport_recv_listen() could leave sk_ack_backlog incremented (due to missing sk_acceptq_removed() call), allowing backlog growth toward sk_max_ack_backlog and a possible listener denial of new connections (-ECO...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.15 views

PT-2026-52277

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the vsock/vmci component during a failed handshake. When the function vmci transport recv connecting server returns an error, the vmci transport recv listen...

5.5CVSS6AI score0.00128EPSS
Exploits0References22
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in gnutls28

A issue was discovered in GnuTLS before version 3.6.15. A server can cause a NULL pointer dereferencing in a TLS 1.3 client if a norenegotiation alert is sent at an unexpected time, resulting in an invalid second handshake. The crash occurs during the application’s error handling process, where t...

7.5CVSS7.4AI score0.0373EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/12 8:52 p.m.36 views

CVE-2026-44296 Deskflow: TLS multiplexer DoS on failed `SSL_accept`

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS0.00279EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/12 8:52 p.m.10 views

CVE-2026-44296

Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...

7.5CVSS5.8AI score0.00279EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.6 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7AI score0.01056EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/05 3:27 p.m.6 views

CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure

Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...

8.7CVSS5.9AI score0.00271EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 3:27 p.m.23 views

CVE-2026-30795

The CVE concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The vulnerability affects the Heartbeat sync loop modules, specifically the src/hbbs_http/sync.Rs code path and the Heartbeat JSON payload construction, where cleartext transmission of sensitive...

8.7CVSS5.9AI score0.00271EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/05 3:24 p.m.36 views

CVE-2026-30794

...

0.00313EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/05 3:24 p.m.6 views

CVE-2026-30794

...

5.8AI score0.00313EPSS
Exploits0
CVE
CVE
added 2026/03/05 3:24 p.m.31 views

CVE-2026-30794

CVE-2026-30794 entry is rejected/not used per the Initial Description.

5.9AI score0.00313EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

Issue summary: Clients that use RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...

6.3CVSS6.7AI score0.02439EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.12 views

MiracleLinux 8 : dotnet5.0-5.0.208-1.el8.ML.1 (AXSA:2021-2473:12)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2473:12 advisory. dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails CVE-2021-41355 Tenable has extracted the...

5.7CVSS7.5AI score0.20342EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.7 views

Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-24659)

An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...

7.5CVSS7.1AI score0.0373EPSS
Exploits1References4
OSV
OSV
added 2025/11/06 12:58 p.m.5 views

BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.5AI score0.00443EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/30 10:42 p.m.5 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

5.3CVSS6.1AI score0.00443EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/30 12:31 a.m.5 views

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.2AI score0.00443EPSS
Exploits0References5
Rows per page
Query Builder