Lucene search
K

73 matches found

NVD
NVD
added 2026/07/01 8:17 p.m.6 views

CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS0.0032EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 8:17 p.m.3 views

DEBIAN-CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS5.8AI score0.0032EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/01 7:34 p.m.4 views

CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS5.8AI score0.0032EPSS
Exploits0
OSV
OSV
added 2026/06/18 3:46 p.m.9 views

ROOT-APP-GOBINARY-CVE-2026-26014 CVE-2026-26014 in rootio-github.com/pion/dtls/v2 - Patched by Root

Root has patched CVE-2026-26014 in the rootio-github.com/pion/dtls/v2 package for Root:Go. Multiple fixed versions available...

5.9CVSS5.4AI score0.00619EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.9AI score0.00619EPSS
Exploits0References3
NVD
NVD
added 2026/02/11 9:16 p.m.23 views

CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS0.00619EPSS
Exploits0References6
OSV
OSV
added 2026/02/11 9:16 p.m.7 views

AZL-77649 CVE-2026-26014 affecting package telegraf 1.31.0-12

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.8AI score0.00619EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:7 p.m.5 views

CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.6AI score0.00619EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/02/11 9:7 p.m.54 views

CVE-2026-26014 Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS0.00619EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/02/11 9:7 p.m.23 views

CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.5AI score0.00619EPSS
Exploits0
OSV
OSV
added 2026/02/11 9:7 p.m.5 views

CVE-2026-26014 Pion DTLS uses random nonce generation with AES GCM ciphers risks leaking the authentication key

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.6AI score0.00619EPSS
Exploits0References8
Snyk
Snyk
added 2026/02/11 3:13 p.m.6 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the use of the random nonce generation with AES GCM ciphers. An attacker can obtain the authentication key and spoof data by exploiting nonce reuse within a session. Remediation There is no fixed...

8.2CVSS5.7AI score0.00619EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

Ubuntu 22.04 LTS : Snowflake vulnerabilities (USN-7966-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7966-1 advisory. It was discovered that Pion DTLS, vendored in Snowflake, did not impose a limit on the amount of data that was buffered during the handshake. An attacker...

7.5CVSS5.8AI score0.0183EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2026/01/20 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7966-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS5.5AI score0.0183EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/01/19 12:42 p.m.9 views

USN-7966-2: Telegraf vulnerabilities

USN-7966-1 fixed vulnerabilities in Snowflake. This update provides the corresponding updates for Telegraf. Original advisory details: It was discovered that Pion DTLS, vendored in Telegraf, did not impose a limit on the amount of data that was buffered during the handshake. An attacker could...

7.5CVSS6.6AI score0.0183EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:8 a.m.9 views

CVE-2019-20786

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...

9.8CVSS7AI score0.02938EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1278

Malware in sbrugna...

9.8CVSS9.3AI score0.02938EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3660

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.0183EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-5491

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00702EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3593

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01484EPSS
Exploits0References6
Rows per page
Query Builder