98 matches found
GO-2026-4322 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik
Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik...
CVE-2026-21637
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...
EUVD-2026-2949
Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall...
TencentOS Server 4: openssl (TSSA-2024:0289)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0289 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
BIT-GOLANG-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...
EUVD-2025-36737
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189
CVE-2025-58189 : IBM bulletin details this vulnerability: when Conn.Handshake fails during ALPN negotiation, the error may include attacker-controlled data (the client-sent ALPN protocols) and is not escaped. This can reveal sensitive info in logs. CVSS v3.1 base score 5.3 (Network, Low/None impa...
CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
CVE-2025-58189 ALPN negotiation error contains attacker controlled information in crypto/tls
When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information the ALPN protocols sent by the client which is not escaped...
Improper Encoding or Escaping of Output
Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report:When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information the AL...
CVE-2025-62409 Envoy allows large requests and responses to cause TCP connection pool crash
Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes due to flow control management in Envoy. It will happen when the connection is closing but upstream data is...
BIT-LIBPYTHON-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
CPython 3.9 and earlier doesn't disallow configuring an empty list "" for SSLContext.setnpnprotocols which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used see CVE-2024-5535 for OpenSSL. This vulnerability is of low severity due to NPN being...
SUSE-SU-2025:03462-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.3.1 ESR bsc1250452. - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on...
EUVD-2019-16178
Malware in sbrugna...
EUVD-2019-7497
Malware in sbrugna...
ROS-20250923-01
The vulnerability in the Python programming language interpreter CPython is due to the fact that Cpython does not prohibits setting an empty list "" for SSLContext.setnpnprotocols, which is an invalid value for the OpenSSL base API when using NPN. Exploitation of the vulnerability could allow an...
Alibaba Cloud Linux 3 : 0227: openssl (ALINUX3-SA-2024:0227)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0227 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-5535: Issue summary: Calling the OpenSSL A...
openssl: SSL_select_next_proto buffer overread
A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...
openssl: SSL_select_next_proto buffer overread
A flaw was found in OpenSSL. Affected versions of this package are vulnerable to Information Exposure through the SSLselectnextproto function. This flaw allows an attacker to cause unexpected application behavior or a crash by exploiting the buffer overread condition when the function is called...