Количество 125
Количество 125
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
CVE-2025-68121
Unexpected session resumption in crypto/tls
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has ...
RLSA-2026:2323
Important: git-lfs security update
RLSA-2026:1908
Important: opentelemetry-collector security update
RLSA-2026:1715
Important: golang-github-openprinting-ipp-usb security update
RLSA-2026:1518
Important: grafana-pcp security update
RLSA-2026:1344
Important: grafana security update
RLSA-2026:0923
Important: golang security update
RLSA-2026:0922
Important: golang security update
RLSA-2026:0921
Important: go-toolset:rhel8 security update
GHSA-7c64-f9jr-v9h2
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
ELSA-2026-2323
ELSA-2026-2323: git-lfs security update (IMPORTANT)
ELSA-2026-2124
ELSA-2026-2124: osbuild-composer security update (IMPORTANT)
ELSA-2026-1715
ELSA-2026-1715: golang-github-openprinting-ipp-usb security update (IMPORTANT)
ELSA-2026-1518
ELSA-2026-1518: grafana-pcp security update (IMPORTANT)
ELSA-2026-1344
ELSA-2026-1344: grafana security update (IMPORTANT)
ELSA-2026-0923
ELSA-2026-0923: golang security update (IMPORTANT)
ELSA-2026-0922
ELSA-2026-0922: golang security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-68121 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake. | CVSS3: 7.4 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-68121 During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake. | CVSS3: 10 | 0% Низкий | около 2 месяцев назад |
 | CVE-2025-68121 Unexpected session resumption in crypto/tls | 0% Низкий | 21 день назад | |
| CVE-2025-68121 During session resumption in crypto/tls, if the underlying Config has ... | CVSS3: 10 | 0% Низкий | около 2 месяцев назад |
 | RLSA-2026:2323 Important: git-lfs security update | 0% Низкий | около 1 месяца назад | |
| RLSA-2026:1908 Important: opentelemetry-collector security update | 0% Низкий | около 2 месяцев назад | |
| RLSA-2026:1715 Important: golang-github-openprinting-ipp-usb security update | 0% Низкий | около 2 месяцев назад | |
| RLSA-2026:1518 Important: grafana-pcp security update | 0% Низкий | около 2 месяцев назад | |
| RLSA-2026:1344 Important: grafana security update | 0% Низкий | около 2 месяцев назад | |
| RLSA-2026:0923 Important: golang security update | 0% Низкий | 2 месяца назад | |
| RLSA-2026:0922 Important: golang security update | 0% Низкий | 2 месяца назад | |
| RLSA-2026:0921 Important: go-toolset:rhel8 security update | 0% Низкий | 2 месяца назад | |
| GHSA-7c64-f9jr-v9h2 Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption. | CVSS3: 7.5 | 0% Низкий | 4 месяца назад |
| ELSA-2026-2323 ELSA-2026-2323: git-lfs security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2026-2124 ELSA-2026-2124: osbuild-composer security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2026-1715 ELSA-2026-1715: golang-github-openprinting-ipp-usb security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2026-1518 ELSA-2026-1518: grafana-pcp security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2026-1344 ELSA-2026-1344: grafana security update (IMPORTANT) | около 2 месяцев назад | ||
| ELSA-2026-0923 ELSA-2026-0923: golang security update (IMPORTANT) | 2 месяца назад | ||
| ELSA-2026-0922 ELSA-2026-0922: golang security update (IMPORTANT) | 2 месяца назад |
Уязвимостей на страницу