Lucene search
+L

114 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.16 views

Erlang/OTP 22.2 < 27.3.4.14 / 28.0 < 28.5.0.3 / 29.0 < 29.0.3 DoS (CVE-2026-55952)

The version of Erlang/OTP installed on the remote host is 22.2 prior to 27.3.4.14, 28.0 prior to 28.5.0.3, or 29.0 prior to 29.0.3. It is, therefore, affected by a vulnerability: - The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3...

8.2CVSS6.2AI score0.00487EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 5:17 p.m.12 views

CVE-2026-54891

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS0.00135EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 5:17 p.m.12 views

UBUNTU-CVE-2026-55952

The Erlang/OTP ssl application does not validate that the PSK identity list and binder list carried in a TLS 1.3 ClientHello pre-shared key extension have equal length before passing them to the session ticket handler. In tlshandshake13:handlepresharedkey/3, an OfferedPreSharedKeys record with a...

8.2CVSS6.1AI score0.00487EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/07/02 4:6 p.m.13 views

CVE-2026-54891 Plaintext APPLICATION_DATA injected during TLS handshake delivered to client application post-handshake in ssl

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in Erlang/OTP ssl tlsgenconnection module allows a network-positioned attacker to inject unauthenticated plaintext that the TLS client application later treats as authenticated server data. The...

6.3CVSS5.8AI score0.00135EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 8:17 p.m.9 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS0.00346EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/06/18 12:0 a.m.8 views

openssl security update

1:1.1.1k-16 - Fix CVE-2026-45447: Heap Use-After-Free in OpenSSL PKCS7verify Resolves: RHEL-180978 - Fix CVE-2024-4741: Use After Free with SSLfreebuffers Resolves: RHEL-180983 1:1.1.1k-15 - Fix CVE-2025-69419: Arbitrary code execution due to out-of-bounds write in PKCS12 processing...

8.8CVSS5.8AI score0.05582EPSS
Exploits2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in OpenSSL

Issue Summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions. Impact Summary: Attackers may exploit certain server configurations to trigger unbounded memory growth, leading to a Denial of Service attack. This issue can occur in...

5.9CVSS6.5AI score0.54026EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/11 10:53 p.m.18 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.25 views

PT-2026-39574

Zephyr sockets created with IPPROTO TLS 1 3 can still negotiate a TLS 1.2 connection when both TLS versions are enabled in Kconfig, because the socket-level protocol selection is not propagated to mbedTLS e.g. via mbedtls ssl conf min tls version. The ClientHello advertises both versions and the...

5.3CVSS5.8AI score0.00243EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.6 views

Cisco Firepower Threat Defense (FTD) Software SSL Decryption Policy DoS (cisco-sa-ftd-dnd-dos-bpEcg7B7)

According to its self-reported version, Cisco Secure Firewall Threat Defense FTD Software is affected by a vulnerability. - A vulnerability in the Do Not Decrypt exclusion feature of the SSL decryption feature of Cisco Secure Firewall Threat Defense FTD Software could allow an unauthenticated,...

6.8CVSS5.8AI score0.00377EPSS
Exploits0References4
OSV
OSV
added 2026/04/10 12:31 p.m.3 views

GHSA-5568-6QCG-G7FX Apache ActiveMQ: Denial of Service via Out of Memory vulnerability

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 10:54 a.m.26 views

CVE-2026-39304

Summary: CVE-2026-39304 describes a DoS via Out-of-Memory in Apache ActiveMQ components caused by TLSv1.3 KeyUpdate handling in NIO SSL transports. The broker and clients are affected for multiple versions prior to 6.2.4 or 5.19.4, with the recommended fixes being 6.2.4 or 5.19.5. The issue arise...

7.5CVSS5.8AI score0.00896EPSS
Exploits0References5Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/10 10:54 a.m.3 views

CVE-2026-39304 Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incorrect handling of TLSv1.3 KeyUpdate can be exploited to cause DoS via OOM

Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates triggered by clients. This makes it possible for a client to rapidly trigger updates which causes...

5.8AI score0.00896EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 8:0 a.m.29 views

CVE-2026-5244

CVE-2026-5244 affects Cesanta Mongoose

9.8CVSS7.2AI score0.00727EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:0 a.m.4 views

CVE-2026-34873

An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session...

5.9AI score0.00241EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/01 12:0 a.m.5 views

Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

Overview Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation 'Algorithm Downgrade' in the TLS 1.3 session resumption logic if the subsequent ClientHello negotiates TLS 1.2 back. An attacker can gain unauthorized access by impersonating a...

9.1CVSS5.8AI score0.00241EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.8 views

Amazon Linux 2023 : openssl, openssl-devel, openssl-fips-provider-latest (ALAS2023-2026-1522)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1522 advisory. Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword...

6.5CVSS7.3AI score0.00435EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/19 8:59 p.m.22 views

CVE-2026-3230 Improper key_share validation in TLS 1.3 HelloRetryRequest

Missing required cryptographic step in the TLS 1.3 client HelloRetryRequest handshake logic in wolfSSL could lead to a compromise in the confidentiality of TLS-protected communications via a crafted HelloRetryRequest followed by a ServerHello message that omits the required keyshare extension,...

2.1CVSS0.00209EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/13 7:54 p.m.8 views

CVE-2026-2673

Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the 'DEFAULT' keyword. Impact summary: A less preferred key exchange may be used even when a more preferred group is...

6.5CVSS5.9AI score0.00435EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/03 12:0 a.m.4 views

Oracle Linux 10 : curl (ELSA-2026-1825)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1825 advisory. 8.12.1-2.el101.2 - openssl: respect system crypto policy for TLS max version RHEL-128923 8.12.1-2.el101.1 - cookie: don't treat the leading slash as trailing...

7.5CVSS5.5AI score0.01301EPSS
Exploits1References2
Rows per page
Query Builder