Lucene search
+L

48 matches found

osv
osv
added 2026/07/09 11:16 a.m.1 views

DEBIAN-CVE-2026-59692

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an...

7.5CVSS6.2AI score0.0031EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39575

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6CVSS5.8AI score0.00143EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/14 12:0 a.m.11 views

ex_webrtc 信任管理问题漏洞

exwebrtc is an open-source WebRTC library based on Elixir language, developed by Elixir WebRTC. Versions of exwebrtc prior to 0.15.1 and 0.16.1 contained a trust management vulnerability. This vulnerability stemmed from the lack of peer certificate fingerprint verification in the DTLS client role...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References1
redhat
redhat
added 2026/04/10 4:3 p.m.2 views

nodejs: Nodejs memory leak

A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory,...

7.5CVSS6.7AI score0.0023EPSS
Exploits0References5
redhat
redhat
added 2026/04/10 1:3 p.m.2 views

nodejs: Nodejs memory leak

A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory,...

7.5CVSS6.7AI score0.0023EPSS
Exploits0References5
f5
f5
added 2026/03/19 3:56 a.m.9 views

K000160399: Node.js vulnerability CVE-2025-59464

Security Advisory Description A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger...

7.5CVSS6.8AI score0.0023EPSS
Exploits0
euvd
euvd
added 2026/02/03 12:0 a.m.6 views

EUVD-2025-206707

An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and W1000. There is unbounded memory allocation via a large buffer in a /proc/driver/unifi0/p2pcertif write operation, leading to...

6.2CVSS5.6AI score0.00136EPSS
Exploits0References2
osv
osv
added 2026/01/20 9:16 p.m.6 views

UBUNTU-CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

7.5CVSS5.8AI score0.0023EPSS
Exploits0References3
cvelist
cvelist
added 2026/01/20 8:41 p.m.30 views

CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

6.5CVSS0.0023EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/01/20 8:41 p.m.2 views

CVE-2025-59464

A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through...

6.5CVSS5.5AI score0.0023EPSS
Exploits0References1
cve
cve
added 2026/01/20 8:41 p.m.32 views

CVE-2025-59464

CVE-2025-59464 describes a memory leak in Node.js OpenSSL integration during conversion of X.509 certificate fields to UTF-8, occurring when applications call socket.getPeerCertificate(true). Each certificate field leaks memory, enabling steady memory growth over TLS connections and potentially c...

7.5CVSS5.5AI score0.0023EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2026/01/14 12:0 a.m.4 views

Ubuntu 24.04 LTS : Erlang vulnerability (USN-7961-1)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7961-1 advisory. It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this...

5.5CVSS5.9AI score0.00251EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 8:42 a.m.18 views

CVE-2022-31183

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

9.8CVSS6.7AI score0.00641EPSS
Exploits1References1
osv
osv
added 2026/01/08 12:15 a.m.4 views

DEBIAN-CVE-2025-15346

A vulnerability in the handling of verifymode = CERTREQUIRED in the wolfssl Python package wolfssl-py causes client certificate requirements to not be fully enforced. Because the WOLFSSLVERIFYFAILIFNOPEERCERT flag was not included, the behavior effectively matched CERTOPTIONAL: a peer certificate...

9.3CVSS6.7AI score0.00272EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/01/07 12:0 a.m.9 views

PT-2026-1769

Name of the Vulnerable Software and Affected Versions wolfssl-py versions up to and including 5.8.2 Description A flaw exists in the handling of verify mode = CERT REQUIRED within the wolfssl Python package wolfssl-py. The absence of the WOLFSSL VERIFY FAIL IF NO PEER CERT flag causes the softwar...

9.3CVSS6.5AI score0.00272EPSS
Exploits0References16
snyk
snyk
added 2025/11/07 11:41 p.m.2 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to insufficient peer verification logic in the verifyPeerCert function. An attacker can impersonate privileged API components and execute unauthorized operations by compromising a single instance and...

6.5CVSS5.5AI score0.00181EPSS
Exploits1References2
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-28625

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.02854EPSS
Exploits0References6
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6207

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00641EPSS
Exploits1References7
hackerone
hackerone
added 2025/09/25 11:41 a.m.8 views

Node.js: Memory leak that enables remote Denial of Service against applications processing TLS client certificates

A memory leak was discovered in Node.js's OpenSSL integration when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. The vulnerability was triggered when applications called socket.getPeerCertificatetrue, causing steady memory growth through repeated TLS connectio...

7.5CVSS5.5AI score0.0023EPSS
Exploits0
osv
osv
added 2025/03/12 7:18 a.m.12 views

BIT-MONGODB-2024-1351 MongoDB Server may allow successful untrusted connection

Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation which may result in untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failin...

9.8CVSS9.1AI score0.00492EPSS
Exploits0References7
Rows per page
Query Builder