Tls

CVE-2026-42790 is a vulnerability in Microsoft products related to name constraints DNS bypass via subject CommonName fallback in public_key hostname verification.

A vulnerability in Deno's Node.js tls compatibility layer (versions 2.0.0 to 2.7.7) allows a network attacker to intercept and tamper with plaintext application data transmitted over a supposedly TLS-protected connection when `autoSelectFamily` is enabled and the initial connection attempt fails, leading to potential information disclosure and data manipulation.

A remote attacker can trigger a heap overread in libgnutls by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, potentially leading to information disclosure.

CVE-2026-42012 describes a vulnerability in GnuTLS where a remote attacker can spoof legitimate services or intercept sensitive information by presenting a specially crafted certificate with URI or SRV SANs, causing the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN).

IBM HTTP Server 8.5 and 9.0 are vulnerable to remote code execution and denial of service in configurations utilizing TLS mutual authentication (client authentication).

CVE-2025-14575 describes an uncontrolled search path element vulnerability in the Qt Network OpenSSL TLS backend, allowing for the loading of rogue CA certificates, potentially leading to man-in-the-middle attacks.

The epa4all-client library before version 1.2.2 is vulnerable to a TLS certificate validation issue, allowing a man-in-the-middle attacker to intercept SOAP traffic and sensitive patient data by presenting a malicious TLS certificate.

CVE-2026-32283 is a vulnerability in crypto/tls that allows unauthenticated TLS 1.3 KeyUpdate records, leading to persistent connection retention and a denial-of-service condition.

CVE-2026-34073 is a vulnerability in unspecified Microsoft products due to incomplete DNS name constraint enforcement on peer names, potentially leading to certificate validation bypass.

CVE-2026-41898 describes a vulnerability in rust-openssl where unchecked callback-returned length in PSK and cookie generation can cause OpenSSL to leak adjacent memory to a network peer.

Juju controller versions 3.2.0 up to 3.6.20 and 4.0.5 are vulnerable to unauthorized database access due to improper TLS client/server authentication and certificate verification, allowing an attacker with network access to modify all information, escalate privileges, and open firewall ports.