Lucene search
K

7 matches found

OSV
OSV
added last week5 views

USN-8487-1 curl vulnerabilities

Andrew Nesbitt discovered that curl could reuse an existing live connection during STARTTLS-based connection upgrades even when the TLS configuration did not match. A remote attacker could possibly use this issue to cause curl to use an unintended TLS configuration. CVE-2026-8286 Muhamad Arga...

9.8CVSS6.1AI score0.0025EPSS
Exploits0References11
OSV
OSV
added 2026/03/23 6:16 p.m.5 views

GO-2026-4793 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik...

8.3CVSS5.8AI score0.00405EPSS
Exploits0References5
Amazon
Amazon
added 2026/03/06 12:0 a.m.6 views

Medium: containerd

Issue Overview: net/http: memory exhaustion in Request.ParseForm CVE-2025-61726 archive/zip: denial of service when parsing arbitrary ZIP archives CVE-2025-61728 crypto/tls: handshake messages may be processed at the incorrect encryption level CVE-2025-61730 crypto/tls: Config.Clone copies...

10CVSS6AI score0.01945EPSS
Exploits2
OSV
OSV
added 2024/01/26 1:57 a.m.36 views

GHSA-GR79-9V6V-GC9R Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Summary Dex 2.37.0 is serving HTTPS with insecure TLS 1.0 and TLS 1.1. Details While working on https://github.com/dexidp/dex/issues/2848 and implementing configurable TLS support, I noticed my changes did not have any effect in TLS config, so I started investigating...

8.7CVSS7.4AI score0.00435EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/01/25 7:45 p.m.6 views

CVE-2024-23656 Dex 2.37.0 is discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers

Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. cmd/dex/serve.go line 425 seemingly sets TLS 1.2 as minimum version, but the whole tlsConfig is ignored after TLS cert reloader was introduced in...

7.5CVSS7.4AI score0.00435EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2017/05/09 12:0 a.m.48 views

openSUSE Security Update : libressl (openSUSE-2017-561)

This update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation boo968050. - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing...

5.5CVSS7.1AI score0.0191EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2017/05/09 12:0 a.m.68 views

openSUSE Security Update : libressl (openSUSE-2017-560)

This update for libressl to version 2.5.1 fixes the following issues : These security issues were fixed : - CVE-2016-0702: Prevent side channel attack on modular exponentiation boo968050. - CVE-2016-7056: Avoid a side-channel cache-timing attack that can leak the ECDSA private keys when signing...

5.5CVSS7.1AI score0.0191EPSS
Exploits1References4
Rows per page
Query Builder