Lucene search
K

293 matches found

RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-58253

A flaw was found in NATS Server. When the noauthuser configuration is enabled, a parser optimization intended for client connections can inadvertently apply to route or leafnode listeners. This allows an unauthenticated attacker on an adjacent network to bypass inter-server authentication...

8.8CVSS6AI score0.00388EPSS
Exploits0References10
CVE
CVE
added 6 days ago12 views

CVE-2026-58253

NATS Server (affected: prior to 2.14.0, 2.12.7, and 2.11.16) contains a parser fast path vulnerability where no_auth_user handling could apply to route/leafnode listeners, enabling an unauthenticated peer to bypass inter‑server CONNECT authentication and operate with the privileges of that connec...

8.8CVSS6AI score0.00388EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53880

Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description A memory overflow issue exists when the appliance is configured as an AAA virtual server or a Gateway including SSL VPN, ICA Proxy, CVP...

9.8CVSS6.2AI score0.00486EPSS
Exploits0References13
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.6 views

wrong reuse for different services

libcurl might in some circumstances reuse the wrong connection when asked to do Negotiate-authenticated ones, even when they are set to use different "services". libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When...

6.5CVSS5.8AI score0.00543EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2026/06/24 6:38 a.m.7 views

USN-8457-2 mysql-8.0 vulnerabilities

USN-8457-1 fixed several vulnerabilities in MySQL. This update provides the corresponding fixes for MySQL on Ubuntu 20.04 LTS Original advisory details: It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote attacker could possibl...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : MySQL vulnerabilities (USN-8457-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8457-1 advisory. It was discovered that MySQL Router incorrectly handled repeated TLS protocol upgrade requests. An unauthenticated remote...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens SIMATIC S7-1500 TM MFP Use After Free (CVE-2026-28387)

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS7.6AI score0.00631EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36764

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...

5.2AI score0.00225EPSS
Exploits1References2
NVD
NVD
added 2026/06/10 10:17 p.m.13 views

CVE-2026-46705

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS0.00218EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 8:21 p.m.11 views

EUVD-2026-36126

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/10 8:21 p.m.11 views

CVE-2026-46705

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user nam...

5.3CVSS5.4AI score0.00218EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/04 6:43 a.m.6 views

CVE-2026-50205

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

8.8CVSS5.8AI score0.00238EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/05/21 7:5 a.m.49 views

curl: curl GnuTLS backend accepts a clientAuth-only certificate for HTTPS server authentication

Summary: When curl/libcurl is built with the GnuTLS backend, the current HTTPS server-certificate validation path verifies the trust chain and hostname but does not enforce TLS server Extended Key Usage semantics. As a result, a leaf certificate that chains to a trusted CA, matches the requested...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/20 1:50 p.m.32 views

OSEC-2026-06 TLS-client (with TLS 1.3) does insufficient certificate checks (missing KeyUsage and ExtendedKeyUsage validation)

The ocaml-TLS 1.3 client does not validate the KeyUsage and ExtendedKeyUsage extensions of the server certificate. This can lead to impersonation with a certificate issued to a client. Scenario Every employee at a major bank carries a smart card. The card holds a clientAuth certificate issued by...

7.4CVSS5.8AI score0.00225EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. Prior to version 2.7.0, server-side authentication against a SAM file might succeed with invalid credentials if the server had configured an invalid SAM file path. Clients based on FreeRDP are not affected by this issue. However...

9.8CVSS7.2AI score0.02265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42202

Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0 Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage EKU extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...

7.4CVSS5.2AI score0.00225EPSS
Exploits1References2
Hacker One
Hacker One
added 2026/05/14 11:6 a.m.26 views

curl: Schannel custom-CA path skips Extended Key Usage enforcement

Hi all, We believe the Schannel custom-CA verification path in lib/vtls/schannelverify.c may skip Extended Key Usage enforcement. In particular, a certificate that chains to the trusted custom CA but contains only id-kp-clientAuth, rather than id-kp-serverAuth, may pass peer verification on Windo...

5.9AI score
Exploits0
NVD
NVD
added 2026/05/13 4:17 p.m.17 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.0011EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 4:17 p.m.14 views

DEBIAN-CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/13 4:17 p.m.10 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References3
Rows per page
Query Builder