PT-2026-47000

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

Astra Linux - уязвимость в curl

Curl versions 7.63.0 through 7.75.0 include a vulnerability that allows a malicious HTTPS proxy to intercept connections by mishandling TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl may misinterpret session tickets sent from the HTTPS proxy as those coming from the remot...

SUSE CVE-2016-9244

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer SSL session IDs from other sessions. It is possible...

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017535)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017535 advisory. curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets...

RHCOS 4 : OpenShift Container Platform 4.11.5 (RHSA-2022:6535)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:6535 advisory. - golang: crypto/tls: session tickets lack random ticketageadd CVE-2022-30629 Note that Nessus has not tested for this issue but has instead...

Security Bulletin: Security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in nginx affects IBM Robotic Process Automation for Cloud Pak. Nginx is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details...

SUSE-SU-2026:20623-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues: - Update to version 1.25.7 jscSLE-18320 - CVE-2025-61730: crypto/tls: handshake messages may be processed at the incorrect encryption level bsc1256821 - CVE-2025-68119: cmd/go: unexpected code execution when invoking toolchain bsc1256820 ...

Medium: docker

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

SUSE-SU-2026:20429-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to version 1.24.13. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session...

SUSE-SU-2026:20428-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session...

MGASA-2026-0035 Updated golang packages fix security vulnerabilities

net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...

Updated golang packages fix security vulnerabilities

net/http: memory exhaustion in Request.ParseForm. CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives. CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level. CVE-2025-61730 cmd/go: bypass of flag sanitization can lead to...

MiracleLinux 9 : skopeo-1.11.2-0.1.el9 (AXSA:2023-5634:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5634:02 advisory. golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session tickets lack random...

MiracleLinux 9 : buildah-1.29.1-1.el9 (AXSA:2023-5642:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5642:02 advisory. golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests CVE-2022-41717 golang: crypto/tls: session...

BIT-NGINX-GATEWAY-2025-23419 TLS Session Resumption Vulnerability

When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets...

Siemens SIMATIC S7-1500 Authentication Bypass by Spoofing (CVE-2021-22890)

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

JLSEC-2025-27 curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MI...

curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...

EUVD-2021-10022

Malware in sbrugna...

EUVD-2022-35527

Malicious code in bioql PyPI...

Amazon Linux 2 : nginx (ALASNGINX1-2025-008)

The version of nginx installed on the remote host is prior to 1.26.3-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2NGINX1-2025-008 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to...