77 matches found
PT-2026-55875
Name of the Vulnerable Software and Affected Versions PHP version 8.2 Description A failure to establish a TLS handshake the process where a client and server authenticate each other and establish encryption keys with a remote server can lead to a Denial of Service DoS condition. Recommendations ...
Linux Distros Unpatched Vulnerability : CVE-2026-53181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending...
SUSE CVE-2026-53181
In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...
CVE-2026-53181
CVE-2026-53181 affects the Linux kernel vsock/vmci stack. On failing handshake, vmci_transport_recv_listen() could leave sk_ack_backlog incremented (due to missing sk_acceptq_removed() call), allowing backlog growth toward sk_max_ack_backlog and a possible listener denial of new connections (-ECO...
PT-2026-52277
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the vsock/vmci component during a failed handshake. When the function vmci transport recv connecting server returns an error, the vmci transport recv listen...
Astra Linux – Vulnerability in gnutls28
A issue was discovered in GnuTLS before version 3.6.15. A server can cause a NULL pointer dereferencing in a TLS 1.3 client if a norenegotiation alert is sent at an unexpected time, resulting in an invalid second handshake. The crash occurs during the application’s error handling process, where t...
CVE-2026-44296 Deskflow: TLS multiplexer DoS on failed `SSL_accept`
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...
CVE-2026-44296
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service DoS vulnerability affects Deskflow servers running with TLS enabled the default. When any TCP peer connects to the listening port and its first bytes do not parse as a valid TLS...
nodejs: Nodejs denial of service
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
CVE-2026-30795 RustDesk HTTP Client Silently Accepts Invalid TLS Certificates After Handshake Failure
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Heartbeat sync loop modules allows Sniffing Attacks. This vulnerability is associated with program files src/hbbshttp/sync.Rs and program routine...
CVE-2026-30795
The CVE concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. The vulnerability affects the Heartbeat sync loop modules, specifically the src/hbbs_http/sync.Rs code path and the Heartbeat JSON payload construction, where cleartext transmission of sensitive...
CVE-2026-30794
...
CVE-2026-30794
...
CVE-2026-30794
CVE-2026-30794 entry is rejected/not used per the Initial Description.
Astra Linux – Vulnerability in OpenSSL
Issue summary: Clients that use RFC7250 Raw Public Keys RPKs to authenticate a server may fail to notice that the server was not authenticated, because the handshake does not abort as expected when the SSLVERIFYPEER verification mode is set. Impact summary: TLS and DTLS connections that use raw...
MiracleLinux 8 : dotnet5.0-5.0.208-1.el8.ML.1 (AXSA:2021-2473:12)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2473:12 advisory. dotnet: System.DirectoryServices.Protocols.LdapConnection sends credentials in plaintext if TLS handshake fails CVE-2021-41355 Tenable has extracted the...
Siemens SIMATIC S7-1500 Out-of-bounds Write (CVE-2020-24659)
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a norenegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the...
BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...
EUVD-2025-36737
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...