Lucene search
+L

98 matches found

OSV
OSV
added 2026/01/23 2:28 a.m.6 views

GO-2026-4322 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik...

7.5CVSS5.4AI score0.00321EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:41 p.m.5 views

CVE-2026-21637

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS5.5AI score0.01056EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/01/15 10:58 p.m.7 views

EUVD-2026-2949

Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall...

5.9CVSS6.4AI score0.00321EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.9 views

TencentOS Server 4: openssl (TSSA-2024:0289)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0289 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
OSV
OSV
added 2025/11/06 12:58 p.m.5 views

BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.5AI score0.00443EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/30 10:42 p.m.7 views

CVE-2025-58189

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

5.3CVSS6.1AI score0.00443EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/30 12:31 a.m.7 views

EUVD-2025-36737

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.2AI score0.00443EPSS
Exploits0References5
CVE
CVE
added 2025/10/29 10:10 p.m.42 views

CVE-2025-58189

CVE-2025-58189 : IBM bulletin details this vulnerability: when Conn.Handshake fails during ALPN negotiation, the error may include attacker-controlled data (the client-sent ALPN protocols) and is not escaped. This can reveal sensitive info in logs. CVSS v3.1 base score 5.3 (Network, Low/None impa...

5.3CVSS6.3AI score0.00443EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/10/29 10:10 p.m.12 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

0.00443EPSS
Exploits0References4
OSV
OSV
added 2025/10/29 10:10 p.m.11 views

CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...

5.3CVSS6.7AI score0.00443EPSS
Exploits0References8
Snyk
Snyk
added 2025/10/29 9:49 p.m.3 views

Improper Encoding or Escaping of Output

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report:When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information the AL...

6.9CVSS6.7AI score0.00443EPSS
Exploits0References3
OSV
OSV
added 2025/10/16 5:47 p.m.7 views

CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash

Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...

8.7CVSS7AI score0.00425EPSS
Exploits0References3
OSV
OSV
added 2025/10/14 9:24 a.m.7 views

BIT-LIBPYTHON-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()

CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due to NPN being...

9.1CVSS8.7AI score0.05582EPSS
Exploits1References9
OSV
OSV
added 2025/10/07 7:46 a.m.2 views

SUSE-SU-2025:03462-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.3.1 ESR bsc1250452. - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on...

6.9AI score
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-16178

Malware in sbrugna...

7.5CVSS7.5AI score0.01766EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-7497

Malware in sbrugna...

6.5CVSS7.8AI score0.0134EPSS
Exploits0References13
Redos
Redos
added 2025/09/23 12:0 a.m.6 views

ROS-20250923-01

The vulnerability in the Python programming language interpreter CPython is due to the fact that Cpython does not prohibits setting an empty list "" for SSLContext.setnpnprotocols, which is an invalid value for the OpenSSL base API when using NPN. Exploitation of the vulnerability could allow an...

6.5CVSS6.5AI score0.00744EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.9 views

Alibaba Cloud Linux 3 : 0227: openssl (ALINUX3-SA-2024:0227)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0227 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-5535: Issue summary: Calling the OpenSSL A...

9.1CVSS7.6AI score0.05582EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2025/04/08 1:14 a.m.6 views

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

9.1CVSS6.8AI score0.05582EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/04/02 5:6 p.m.5 views

openssl: SSL_select_next_proto buffer overread

A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...

9.1CVSS6.8AI score0.05582EPSS
Exploits1References5
Rows per page
Query Builder