Tag

Tls

4 briefs RSS

CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate DoS Vulnerability

CVE-2026-32283 is a vulnerability in crypto/tls that allows unauthenticated TLS 1.3 KeyUpdate records, leading to persistent connection retention and a denial-of-service condition.

denial-of-service tls crypto/tls

2r 1t 1c 4d ago

medium advisory

CVE-2026-34073: Incomplete DNS Name Constraint Enforcement Vulnerability

2 rules 1 CVE

CVE-2026-34073 is a vulnerability in unspecified Microsoft products due to incomplete DNS name constraint enforcement on peer names, potentially leading to certificate validation bypass.

certificate validation man-in-the-middle dns name constraint tls cve-2026-34073

2r 1c 4d ago

medium advisory

rust-openssl Memory Leak via Unchecked Callback Length (CVE-2026-41898)

2 rules 1 CVE

CVE-2026-41898 describes a vulnerability in rust-openssl where unchecked callback-returned length in PSK and cookie generation can cause OpenSSL to leak adjacent memory to a network peer.

rust-openssl memory-leak tls cve

2r 1c 5d ago

critical advisory

Juju Controller Vulnerable to Unauthorized Database Access Due to Improper TLS Configuration

2 rules 3 TTPs

Juju controller versions 3.2.0 up to 3.6.20 and 4.0.5 are vulnerable to unauthorized database access due to improper TLS client/server authentication and certificate verification, allowing an attacker with network access to modify all information, escalate privileges, and open firewall ports.

juju dqlite tls vulnerability

2r 3t Apr 2, 2026