Lucene search
K

321 matches found

RedHat Linux
RedHat Linux
added 2026/02/17 12:48 a.m.7 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/02/16 12:0 a.m.270 views

📄 FortiGate Advanced Symlink Bypass Exploit

This Python script is an advanced exploitation tool targeting vulnerable FortiGate devices manufactured by Fortinet. It attempts to exploit a symlink/path bypass vulnerability via the /lang//custom/ endpoint in order to access sensitive internal files that should not be publicly accessible...

5.9CVSS5.6AI score0.00477EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/02/10 12:54 p.m.3 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/09 2:51 p.m.7 views

CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.2AI score0.01382EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.6 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/05 4:3 p.m.5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/01/28 4:21 p.m.12 views

Clatter has a PSK Validity Rule Violation issue

Impact Protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework Section 9.3. This could allow PSK-derived keys to be used for encryption without proper randomization by self-chosen ephemeral randomness,...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.9 views

Clatter encryption issue vulnerabilities

Clatter is a Rust library developed by Joni Lepistö. Versions of Clatter prior to 2.2.0 had an encryption-related vulnerability. This vulnerability stemmed from a handshake mode that allowed violations of PSK validity rules, potentially leading to key reuse...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References3
OSV
OSV
added 2026/01/27 11:38 p.m.7 views

CVE-2026-24785 Clatter has a PSK Validity Rule Violation issue

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/27 11:38 p.m.4 views

CVE-2026-24785 Clatter has a PSK Validity Rule Violation issue

Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References3
CVE
CVE
added 2026/01/27 11:38 p.m.32 views

CVE-2026-24785

Clatter (no_std Rust implementation of Noise with post-quantum support) had a PSK validity rule violation in versions before 2.2.0, allowing certain post-quantum handshake patterns (e.g., noise_pqkk_psk0, noise_pqkn_psk0, noise_pqnk_psk0, noise_pqnn_psk0 and some hybrids) to bypass the PSK validi...

9.3CVSS5.8AI score0.00122EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/26 2:48 p.m.8 views

BIT-NODE-MIN-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.9AI score0.01056EPSS
Exploits0References2
OSV
OSV
added 2026/01/20 9:16 p.m.8 views

AZL-75080 CVE-2026-21637 affecting package nodejs for versions less than 20.14.0-13

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.2AI score0.01056EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 9:16 p.m.4 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS0.01056EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/20 9:16 p.m.5 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.1AI score0.01056EPSS
Exploits0References2
OSV
OSV
added 2026/01/20 9:16 p.m.5 views

UBUNTU-CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7.2AI score0.01056EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/20 8:41 p.m.39 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

5.9CVSS0.01056EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:41 p.m.4 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.5AI score0.01056EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 8:41 p.m.3 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

5.9CVSS5.6AI score0.01056EPSS
Exploits0References1
CVE
CVE
added 2026/01/20 8:41 p.m.48 views

CVE-2026-21637

CVE-2026-21637 is a Node.js TLS handling issue where synchronous exceptions in PSK/ALPN callbacks can bypass tlsClientError/error paths, causing process termination or FD leaks and potential DoS. Connected advisories (ALAS2023-2026-1404, ALAS2023-2026-1402, ALAS2023-2026-1403, CBLMARINER) confirm...

7.5CVSS5.6AI score0.01056EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder