CVE-2026-46027 net/smc: avoid early lgr access in smc_clc_wait_msg

In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smcclcwaitmsg A CLC decline can be received while the handshake is still in an early stage, before the connection has been associated with a link group. The decline handling in smcclcwaitmsg...

CVE-2025-68121

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the...

PT-2026-26956

Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description A use-after-free issue exists in libsoup's SoupServer. Specifically, the soup server disconnect function can free connection objects before a TLS handshake is finished. If the handshake...

SUSE CVE-2025-11234

A flaw was found in QEMU. If the QIOChannelWebsock object is freed while it is waiting to complete a handshake, a GSource is leaked. This can lead to the callback firing later on and triggering a use-after-free in the use of the channel. This can be abused by a malicious client with network acces...

CVE-2023-53382

In the Linux kernel, the following vulnerability has been resolved: net/smc: Reset connection when trying to use SMCRv2 fails. We found a crash when using SMCRv2 with 2 Mellanox ConnectX-4. It can be reproduced by: - smcrun nginx - smcrun wrk -t 32 -c 500 -d 30 http://: BUG: kernel NULL pointer...

CVE-2023-53382 net/smc: Reset connection when trying to use SMCRv2 fails.

In the Linux kernel, the following vulnerability has been resolved: net/smc: Reset connection when trying to use SMCRv2 fails. We found a crash when using SMCRv2 with 2 Mellanox ConnectX-4. It can be reproduced by: - smcrun nginx - smcrun wrk -t 32 -c 500 -d 30 http://: BUG: kernel NULL pointer...

Astra Linux – Vulnerability in Python 3.11

A defect was discovered in the Python “ssl” module, where there is a memory race condition involving the methods “certstorestats” and “getcacerts” of the ssl.SSLContext class. This race condition can occur when these methods are called simultaneously with the loading of certificates into the...

AZL-42796 CVE-2024-0397 affecting package python3 for versions less than 3.9.19-3

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “certstorestats” and “getcacerts”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...

Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.11.4 security update

An update is now available for Red Hat OpenShift GitOps v1.11.4 for Argo CD UI and Console Plugin. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

Code injection

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

CVE-2022-24759 Failure to validate signature during handshake in @chainsafe/libp2p-noise

@chainsafe/libp2p-noise contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. @chainsafe/libp2p-noise before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and ge...

W1.fi hostapd deauthentication denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in ...

vertx: WebSocket HTTP upgrade implementation holds the entire http request in memory before the handshake

In version from 3.0.0 to 3.5.3 of Eclipse Vert.x, the WebSocket HTTP upgrade implementation buffers the full http request before doing the handshake, holding the entire request body in memory. There should be a reasonnable limit 8192 bytes above which the WebSocket gets an HTTP response with the...

UBUNTU-CVE-2016-9574

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA...

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

OpenSSL re-aeration of the CCS injection vulnerability-vulnerability warning-the black bar safety net

Too much drama last night to see a good piece has about, also good, 2 0 1 2 edition of the perfect memories on, like me such people still choose to use the TV or go to the cinema to see the movie, in the middle of no commercials, experience holding back process, always Suddenly have a lot of idea...