13 matches found
Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions
Summary: The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...
DEBIAN-CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises when a certificate in the chain has an empty DNS name, and another...
TencentOS Server 2: thunderbird (TSSA-2024:0132)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0132 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
EUVD-2021-15340
Malware in sbrugna...
EUVD-2022-40750
Malicious code in bioql PyPI...
SUSE-SU-2024:1147-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.9 bsc1221327 - CVE-2024-0743: Crash in NSS TLS method - CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector - CVE-2024-2607: JIT code failed to save return registers on Armv7-A -...
MGASA-2024-0092 Updated nss firefox, nss packages fix security vulnerabilities
Crash in NSS TLS method. CVE-2024-0743 JIT code failed to save return registers on Armv7-A. CVE-2024-2607 Integer overflow could have led to out of bounds write. CVE-2024-2608 Improve handling of out-of-memory conditions in ICU. CVE-2024-2616 NSS susceptible to timing attack against RSA decryptio...
Moderate: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Critical: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
K37526132: OpenSSL vulnerability CVE-2017-3731
Security Advisory Description: If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when...
OPENSUSE-SU-2019:2278-1 Security update for dovecot23
This update for dovecot23 fixes the following issue: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. - CVE-2019-11494: Fixed a...
AIX OpenSSL Advisory : openssl_advisory.asc
The version of OpenSSL running on the remote host is affected by the following vulnerabilities : - In TLS connections, certain incorrectly formatted records can cause an OpenSSL client or server to crash due to a read attempt at NULL. OpenSSL before 0.9.8m does not check for a NULL return value...