Lucene search
K

595 matches found

Vulnrichment
Vulnrichment
added 2026/07/02 4:6 p.m.12 views

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS5.8AI score0.00135EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 12:15 p.m.5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54772

Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...

9.1CVSS5.8AI score
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 8:27 p.m.3 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 8:17 p.m.4 views

UBUNTU-CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5460

A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography PQC hybrid KeyShare processing. In the error handling path of TLSXKeyShareProcessPqcHybridClient in src/tls.c, the inner function TLSXKeyShareProcessPqcClientex frees a KyberKey object upon encountering an error. The call...

6.5CVSS5.5AI score0.00275EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 4:3 p.m.20 views

RLSA-2026:19136 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

7.8CVSS5.8AI score0.00621EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/26 5:43 a.m.19 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Amazon
Amazon
added 2026/05/26 12:0 a.m.26 views

Important: amazon-cloudwatch-agent

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.1AI score0.01163EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/05/20 5:28 p.m.17 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.16 views

PT-2026-42202

Name of the Vulnerable Software and Affected Versions OCaml-TLS versions prior to 2.1.0 Description The client implementation in OCaml-TLS fails to properly validate the KeyUsage and ExtendedKeyUsage EKU extensions of server certificates during TLS 1.3 handshakes. Specifically, the answer...

7.4CVSS5.2AI score0.00225EPSS
Exploits1References2
OSV
OSV
added 2026/05/19 1:5 a.m.11 views

CLSA-2026-1779152708 grafana: Fix of CVE-2026-32283

CVE-2026-32283: rebuild against golang = 1.25.7-1.el96.tuxcare.els5 to fix crypto/tls DoS where multiple post-handshake KeyUpdate messages in a single TLS 1.3 record deadlock the connection setReadTrafficSecret reacquired the conn mutex via sendAlert...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.15 views

RHEL 10 : grafana-pcp (RHSA-2026:19136)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:19136 advisory. The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and...

7.5CVSS7.3AI score0.00621EPSS
Exploits0References6
Amazon
Amazon
added 2026/05/14 12:0 a.m.20 views

Important: docker

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

9.8CVSS7.3AI score0.08123EPSS
Exploits1
Amazon
Amazon
added 2026/05/14 12:0 a.m.24 views

Medium: runfinch-finch

Issue Overview: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a...

9.8CVSS7AI score0.00632EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.9 views

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of sockets created with IPPROTOTLS13. When both TLS versions are enabled, TLS 1.2 can still be negotiated, as the protocol selection at the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References1
OSV
OSV
added 2026/05/06 12:5 p.m.15 views

RLSA-2026:11712 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root CVE-2026-32282 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key...

7.8CVSS7.3AI score0.00621EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/05/06 12:5 p.m.16 views

grafana-pcp security update

An update is available for grafana-pcp. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for...

7.5CVSS5.8AI score0.00621EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RockyLinux 10 : grafana-pcp (RLSA-2026:11881)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:11881 advisory. crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVE-2026-32283 Tenable has extracted the preceding description blo...

7.5CVSS5.8AI score0.00621EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.10 views

Amazon Linux 2023 : nerdctl (ALAS2023-2026-1605)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1605 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

9.8CVSS6AI score0.00651EPSS
Exploits0References22
Rows per page
Query Builder