Lucene search
+L

3828 matches found

CVE
CVE
added yesterday19 views

CVE-2026-4942

IBM i 7.3–7.6 (5770-SS1) is affected by CVE-2026-4942, which allows a remote attacker to send a crafted message that downgrades TLS to a version disabled by server configuration. The CVSSv3.1 base score is 5.9 (Impact: Confidentiality High, Integrity/Availability None; Attack Vector Network, Atta...

5.9CVSS5.4AI score
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-4942 IBM i is Affected by Algorithm Downgrade in Transport Layer Security []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security TLS protocol to a version disabled in the server configuration...

5.9CVSS
Exploits0References1
CVE
CVE
added yesterday23 views

CVE-2026-53712

The CVE describes a vulnerability in the OnGres SCRAM library (com.ongres.scram:scram-client and scram-common) where, prior to version 3.3, a TLS MITM can silently downgrade SCRAM-SHA-256-PLUS with channel binding to SCRAM-SHA-256 without channel binding when an X.509 certificate uses modern sign...

8.2CVSS5.4AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2024-23573

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2024-23573

CVE-2024-23573 affects HCL Aftermarket EPC. The vulnerability is described as the application being vulnerable to Lucky 13, making the TLS1.1/1.2 and DTLS1.0/1.2 implementations (and older SSL3.0/TLS1.0) susceptible, with potential for a man-in-the-middle. The Connected documents provide the tech...

3.7CVSS5.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2024-23573

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS5.3AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday6 views

EUVD-2024-55663

HCL Aftermarket EPC is vulnerable to attack since the Application is vulnerable to Lucky 13. that makes the SS LLUCKY13 possible affects the TLS1.1and 1.2 and DTLS1.0 or 1.2 implementations . It also affects previous versions such as SSL3.0 and TLS1.0. This can also be considered a type of...

3.7CVSS5.3AI score
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-44452

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over the zero-length hostname while trying to copy the hostname, assuming that it ...

5.9CVSS0.0025EPSS
Exploits0References2
CVE
CVE
added 2 days ago15 views

CVE-2026-44452

CVE-2026-44452 affects the h2o HTTP server (supports HTTP/1.x, 2, 3). Affected behavior occurs when a TLS/QUIC ClientHello contains a zero-length SNI extension; h2o can attempt to copy the hostname assuming NULL-termination, causing a heap/segmentation fault that may enable a denial-of-service. T...

5.9CVSS6AI score0.0025EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-44452 h2o is vulnerable to heap overrun

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over the zero-length hostname while trying to copy the hostname, assuming that it ...

5.9CVSS0.0025EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago6 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0References8
NVD
NVD
added 2 days ago8 views

CVE-2026-56454

HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1...

7.5CVSS0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44922

HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1...

5.9CVSS6.1AI score0.00136EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

openSUSE 16 Security Update : go1.25-openssl (openSUSE-SU-2026:21319-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21319-1 advisory. This update for go1.25-openssl fixes the following issues - Update to version go1.25.12 bsc1244485. - CVE-2025-61732: cmd/cgo: discrepancy betwe...

10CVSS6.9AI score0.00939EPSS
Exploits1References94
RedHat Linux
RedHat Linux
added 3 days ago6 views

nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References7
OSV
OSV
added 4 days ago8 views

JLSEC-2026-704 Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in...

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.7CVSS6.1AI score0.00209EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

JLSEC-2026-725 A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare...

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS6.1AI score0.00275EPSS
Exploits0References3
OSV
OSV
added 4 days ago3 views

JLSEC-2026-672

An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSLclear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...

7.5CVSS6.1AI score0.02121EPSS
Exploits2References7
OSV
OSV
added 4 days ago3 views

JLSEC-2026-708

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

9.8CVSS6.2AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

JLSEC-2026-674

In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. WOLFSSLCALLBACKS is only intended for debugging...

9.1CVSS7.1AI score0.01959EPSS
Exploits2References6
Rows per page
Query Builder