CVE-2026-41860

CVE-2026-41860 affects BOSH prior to v282.1.9. The root cause is CWE-326: HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling a local attacker to perform a MITM and intercept credentials or redirect UAA token requests betwee...

Ubuntu 25.10 / 26.04 LTS : CRaC JDK 17 vulnerabilities (USN-8332-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8332-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

Ubuntu 25.10 / 26.04 LTS : CRaC JDK 25 vulnerabilities (USN-8334-1)

The remote Ubuntu 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8334-1 advisory. Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker...

USN-8334-1 openjdk-25-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 25 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8333-1 openjdk-21-crac vulnerabilities

Thomas Beckers discovered that the JAXP component of CRaC JDK 21 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of CRa...

USN-8327-1 openjdk-17 vulnerabilities

Thomas Beckers discovered that the JAXP component of OpenJDK 17 did not correctly authenticate certain APIs. A remote unauthenticated attacker could possibly use this issue to gain unauthorized access to sensitive information. CVE-2026-22016 It was discovered that the Networking component of...

[SECURITY] Fedora 43 Update: curl-8.15.0-7.fc43

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

Joomla! CMS 安全漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a security vulnerability, which stems from the password and username reset function creating plaintext HTTP links for HTTPS connections when a mandatory SSL flag is not set...

[SECURITY] Fedora 42 Update: nss-3.123.1-1.fc42

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

F5 Networks BIG-IP : BIG-IP SSL/TLS vulnerability (K000158978)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K000158978 advisory. When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop...

Astra Linux - уязвимость в python-urllib3

The urllib3 library before version 1.24.2 in Python mishandles certain cases where the desired set of CA certificates differs from the CA certificates stored in the operating system’s store. As a result, SSL connections succeed in situations where a verification failure would be the correct...

Astra Linux - уязвимость в erlang

In Erlang/OTP versions prior to 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there was a situation where Client Authentication Bypass occurred in certain client-certification scenarios for SSL, TLS, and DTLS...

Astra Linux - уязвимость в apache2

Insufficient escaping of user-supplied data in modssl in Apache HTTP Server 2.4.63 and earlier allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%varnamex" or "%varnamec" to log variables...

BIT-POSTGRESQL-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion

...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the SSL or GSS negotiation process. An attacker can cause the service to become unresponsive by triggering uncontrolled recursion when connecting to an AFUNIX socket. If both SSL and GSS are disabled, the...

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

UBUNTU-CVE-2026-6479

Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AFUNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....

CVE-2026-6479

CVE-2026-6479 affects PostgreSQL: uncontrolled recursion during SSL/GSS negotiation can cause sustained denial of service. Affected are versions older than 18.4, 17.10, 16.14, 15.18, and 14.23. An attacker connected to a PostgreSQL AF_UNIX socket can trigger the issue; if SSL and GSS are both dis...