Lucene search
K

371 matches found

OSV
OSV
added 2026/05/07 12:16 p.m.10 views

ALPINE-CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References1
NVD
NVD
added 2026/05/07 12:16 p.m.29 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS0.0105EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 p.m.13 views

CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

7.1CVSS5.8AI score0.0105EPSS
Exploits0References21
RedhatCVE
RedhatCVE
added 2026/05/07 12:0 p.m.16 views

CVE-2026-42010

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 5:20 p.m.16 views

CVE-2026-41898

CVE-2026-41898 affects the rust-openssl bindings for Rust. The vulnerability arises in the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback, set_cookie_generate_cb, and set_stateless_cookie_generate_cb, where the user closure’s returned usize was forwarde...

9.8CVSS5.6AI score0.00412EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/24 3:59 p.m.7 views

EUVD-2026-23943

AWS Encryption SDK for Python: Key commitment policy bypass via shared key cache...

5.7CVSS5.1AI score0.00096EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-35041

Name of the Vulnerable Software and Affected Versions rust-openssl versions 0.9.24 through 0.10.77 Description FFI trampolines behind the functions set psk client callback, set psk server callback, set cookie generate cb, and set stateless cookie generate cb in SslContextBuilder forward the user...

9.8CVSS5.5AI score0.00412EPSS
Exploits0References29
NVD
NVD
added 2026/04/20 8:16 p.m.8 views

CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS0.00096EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 7:20 p.m.31 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS0.00096EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/20 7:20 p.m.7 views

CVE-2026-6550 Key commitment policy bypass via shared key cache in AWS Encryption SDK for Python

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 7:20 p.m.15 views

CVE-2026-6550

The vulnerability CVE-2026-6550 affects the AWS Encryption SDK for Python in its caching layer. A cryptographic downgrade in the key cache could allow an authenticated local actor to bypass key commitment policy enforcement, enabling ciphertext to be decrypted into multiple possible plaintexts. A...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33829

Name of the Vulnerable Software and Affected Versions Amazon AWS Encryption SDK for Python versions prior to 3.3.1 Amazon AWS Encryption SDK for Python versions prior to 4.0.5 Description A cryptographic algorithm downgrade in the caching layer may allow an authenticated local threat actor to...

5.7CVSS5.7AI score0.00096EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7AI score0.01056EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.5 views

nodejs: Nodejs denial of service

A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when pskCallback or ALPNCallback are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths tlsClientError and error, causing either immediate...

7.5CVSS7AI score0.01056EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 6:16 p.m.3 views

ALPINE-CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:0 p.m.3 views

CVE-2026-1584

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.9AI score0.01382EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/09 6:0 p.m.4 views

CVE-2026-1584 Gnutls: gnutls: remote denial of service via crafted clienthello with invalid psk binder

A flaw was found in gnutls. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted ClientHello message with an invalid Pre-Shared Key PSK binder value during the TLS handshake. This can lead to a NULL pointer dereference, causing the server to crash and...

7.5CVSS5.8AI score0.01382EPSS
Exploits0References3
CVE
CVE
added 2026/04/09 6:0 p.m.27 views

CVE-2026-1584

The CVE-2026-1584 entry concerns gnutls. A remote, unauthenticated attacker can trigger a NULL pointer dereference during TLS via a crafted ClientHello that has an invalid PSK binder, causing a server crash and remote DoS. Connected documents confirm this vulnerability across multiple sources (NV...

7.5CVSS5.9AI score0.01382EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/03/30 2:36 p.m.1 views

SUSE-SU-2026:20968-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-14831: Fixed DoS via excessive resource consumption during certificate verification. bsc1257960 - CVE-2025-9820: Fixed a buffer overflow in gnutlspkcs11tokeninit. bsc1254132 - Add the functionality to allow to specify the hash algorith...

5.3CVSS6.7AI score0.00638EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.5 views

Node.js 20.x < 20.20.2 Multiple Vulnerabilities (Tuesday, March 24, 2026 Security Releases).

The version of Node.js installed on the remote host is prior to 20.20.2. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, March 24, 2026 Security Releases advisory. - A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of ...

7.5CVSS6.9AI score0.26356EPSS
Exploits0References10
Rows per page
Query Builder