CVE-2026-20005

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the...

CVE-2026-20005

Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting in an interruption of packet inspection. This vulnerability is due to incomplete parsing of the...

CVE-2026-23811 Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

CVE-2026-23811

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

CVE-2026-23811 Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

CVE-2026-23811

CVE-2026-23811 is described across multiple sources as a vulnerability in the client isolation mechanism that may bypass L2 restrictions and, when combined with a port-stealing attack, enable a bi-directional MitM at L3. The connected documents do not provide concrete product/vendor/component/ver...

Cisco Secure Firewall Threat Defense Software TLS with Snort 3 Detection Engine Denial of Service Vulnerability

A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service DoS condition...

Cisco Secure Firewall Threat Defense Software SSL Decryption Policy Denial of Service Vulnerability

A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory...

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

CLSA-2026-1772620440 skopeo: Fix of 3 CVEs

rebuild with newer golang version 1.25.7-1.el96.tuxcare.els1 to fix the following CVEs - CVE-2025-68121: fix TLS session resumption bypass by preventing shared auto-rotated ticket keys in Config and validating full certificate chain expiry - CVE-2025-61726: limit parsed URL query parameters to...

PT-2026-23016

A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to improper memory...

Cisco Secure Firewall Threat Defense 安全漏洞

Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by the American company Cisco. There is a security vulnerability present in Cisco Secure Firewall Threat Defense. This vulnerability stems from improper memory management when checking TLS 1.2 encrypted traffic. It...

Cisco Secure Firewall Threat Defense 代码问题漏洞

Cisco Secure Firewall Threat Defense is an integrated firewall platform developed by the American company Cisco. There is a code vulnerability in Cisco Secure Firewall Threat Defense, which stems from improper implementation of the TLS protocol. This vulnerability could allow unauthenticated remo...

PT-2026-22945

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists in the client isolation mechanism that could allow an attacker to circumvent Layer 2 L2 communication limitations between clients, potentially redirecting traffic at Layer 3 L3...

PT-2026-23009

A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to unexpectedly restart, resulting in a denial of service DoS condition...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from issues with the client isolation mechanism, which...

Incorrect Calculation of Buffer Size

Overview Affected versions of this package are vulnerable to Incorrect Calculation of Buffer Size via incorrect interpretation of the length prefix in the PSK extension field during TLS 1.3 handshakes. An attacker can exhaust server resources and cause service disruption by sending repeated...

USN-8062-2: curl vulnerabilities

USN-8062-1 fixed vulnerabilities in curl. This update provides the corresponding update for CVE-2025-14017, CVE-2025-15079, and CVE-2025-15224 for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that curl incorrectly handled...

SUSE-SU-2026:20629-1 Security update for go1.24-openssl

This update for go1.24-openssl fixes the following issues: - Update to version 1.24.13 jscSLE-18320 - CVE-2025-58189: crypto/tls: ALPN negotiation error contains attacker controlled information. bsc1251255 - CVE-2025-61725: net/mail: excessive CPU consumption in ParseAddress. bsc1251253 -...

nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections

A flaw was found in NGINX. When NGINX is configured to proxy to upstream Transport Layer Security TLS servers, An attacker with a man-in-the-middle MITM position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response...