kernel: sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

DEBIAN-CVE-2025-38571

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tlsalertrecv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

DEBIAN-CVE-2025-38566

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tlsalertrecv due to its assumption it can read data from the msg iterator's kvec.. kTLS implementation splits TLS non-da...

Oracle Linux 8 : olcne (ELSA-2021-9396)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9396 advisory. - Address Istio CVE's CVE-2021-28683, CVE-2021-28682, CVE-2021-29258, CVE-2021-31920, CVE-2021-31921, CVE-2021-34824 istio - Address CVE-2021-28683,...

Null pointer dereference

An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received...

CVE-2021-28683

A NULL pointer dereference vulnerability was found envoyproxy/envoy. This flaw allows an attacker to establish a TLS session that sends an invalid TLS alert code, causing a NULL pointer exception to occur that crashes the application, resulting in a denial of service. The highest threat from this...

SSL/TLS: Malformed plain-text ALERT packets could cause remote DoS

A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients...

Finding Ticketbleed

Ticketbleed CVE-2016-9244 is a software vulnerability in the TLS stack of certain F5 products that allows a remote attacker to extract up to 31 bytes of uninitialized memory at a time, which can contain any kind of random sensitive information, like in Heartbleed. If you suspect you might be...

FormAssembly: formassembly.com is vulnerable to padding-oracle attacks.

Dear Formassembly bug bounty team, Summary --- formassembly.com is vulnerable to CVE-2016-2107, allowing remote attackers to obtain sensitive information via padding-oracle attacks. $ git clone https://github.com/FiloSottile/CVE-2016-2107.git $ go run main.go www.formassembly.com ... Vulnerable:...