17 matches found
wolfSSL 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. Versions of wolfSSL prior to 5.9.0 contained a security vulnerability caused by integer underflow. This vulnerability could allow...
CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports
Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...
SUSE-SU-2025:4160-1 Security update for the Linux Kernel RT (Live Patch 9 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise kernel 6.4.0-150600.10.29 fixes various security issues The following security issues were fixed: - CVE-2025-23145: mptcp: fix NULL pointer in canacceptnewsubflow bsc1242882. - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collectmd...
CVE-2025-55083 Broken bounds check in Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension()
In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read...
Important: java-17-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...
OpenSSL Toolkit 3.0.17
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the LTS release supported until 7th September 2026...
golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.
A flaw was found in the Golang crypto/tls standard library. In previous versions, the package was vulnerable to a Timing Side Channel attack by observing the time it took for RSA-based TLS key exchanges, which was not constant. This flaw allows a malicious user to gather information from the...
OpenSSL Security Vulnerabilities
OpenSSL is an open source capable general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure...
OpenSSL Denial of Service Vulnerability (CNVD-2022-37792)
OpenSSL is an open source general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashi...
GnuTLS Encryption Problem Vulnerability (CNVD-2020-53541)
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.14. An attacker can exploit this vulnerability by performing a man-in-the-middle attack to bypass authentication in TLS version 1.3 and recover previou...
JDK: unspecified vulnerability fixed in 6u201, 7u191, 8u181, and 10.0.2 (JSSE)
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE subcomponent: JSSE. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
postgresql: libpq ignores PGREQUIRESSL environment variable
It was discovered that the PostgreSQL client library libpq did not enforce the use of TLS/SSL for a connection to a PostgreSQL server when the PGREQUIRESSL environment variable was set. An man-in-the-middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a...
Fedora Update for gnutls FEDORA-2012-4569
Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2012-4569 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for gnutls FEDORA-2012-4578
Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2012-4578 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for gnutls FEDORA-2010-9487
Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2010-9487 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for gnutls FEDORA-2008-9600
Check for the Version of gnutls OpenVAS Vulnerability Test Fedora Update for gnutls FEDORA-2008-9600 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 8 Update: gnutls-1.6.3-3.fc8
GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implem ents the proposed standards by the IETF's TLS working group...