
13 matches found

Hacker One
added 2026/06/04 1:45 a.m. | 28 views

Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions

Summary: The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...

CVSS 7.5 | AI score 6.1 | EPSS 0.01056
Exploits: 0
OSV
added 2026/03/06 10:16 p.m. | 1 views

DEBIAN-CVE-2026-27138

Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...

CVSS 5.9 | AI score 7.8 | EPSS 0.0035
Exploits: 0 | References: 1
CNNVD
added 2026/03/06 12:0 a.m. | 6 views

Google Go security vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises when a certificate in the chain has an empty DNS name, and another...

CVSS 5.9 | AI score 7.2 | EPSS 0.0035
Exploits: 0 | References: 4
Tenable Nessus
added 2025/11/20 12:0 a.m. | 5 views

TencentOS Server 2: thunderbird (TSSA-2024:0132)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0132 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

CVSS 8.8 | AI score 8 | EPSS 0.01285
Exploits: 5 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-15340

Malware in sbrugna...

CVSS 7.5 | AI score 7.4 | EPSS 0.01686
Exploits: 0 | References: 8
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-40750

Malicious code in bioql PyPI...

CVSS 5.9 | AI score 5.8 | EPSS 0.01736
Exploits: 2 | References: 7
OSV
added 2024/04/08 9:35 a.m. | 6 views

SUSE-SU-2024:1147-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.9 bsc1221327 - CVE-2024-0743: Crash in NSS TLS method - CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector - CVE-2024-2607: JIT code failed to save return registers on Armv7-A -...

CVSS 8.8 | AI score 8 | EPSS 0.01285
Exploits: 4 | References: 12
OSV
added 2024/03/27 7:24 p.m. | 11 views

MGASA-2024-0092 Updated nss firefox, nss packages fix security vulnerabilities

Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...

CVSS 8.8 | AI score 9.5 | EPSS 0.047
Exploits: 4 | References: 7
RedHat Linux
added 2024/03/25 8:13 p.m. | 33 views

Moderate: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 8.8 | AI score 7.1 | EPSS 0.01285
Exploits: 5 | References: 10
RedHat Linux
added 2024/03/25 7:35 p.m. | 48 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.8 | AI score 7.1 | EPSS 0.047
Exploits: 4 | References: 11
F5 Networks
added 2023/02/21 6:48 p.m. | 71 views

K37526132: OpenSSL vulnerability CVE-2017-3731

Security Advisory Description: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when...

CVSS 7.5 | AI score 7.9 | EPSS 0.57595
Exploits: 1 | Affected Software: 2
OSV
added 2019/10/07 2:20 p.m. | 7 views

OPENSUSE-SU-2019:2278-1 Security update for dovecot23

This update for dovecot23 fixes the following issue: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. - CVE-2019-11494: Fixed a...

CVSS 9.8 | AI score 8.6 | EPSS 0.62324
Exploits: 1 | References: 7
Tenable Nessus
added 2014/04/16 12:0 a.m. | 56 views

AIX OpenSSL Advisory : openssl_advisory.asc

The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. OpenSSL before 0.9.8m does not check for a NULL return value...

CVSS 10 | AI score 7.4 | EPSS 0.2035
Exploits: 6 | References: 5