Browse all 3 CVE security advisories affecting sni. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SNI (Server Name Indication) is a TLS extension designed to enable multiple HTTPS services on a single IP address by specifying the hostname during the handshake. Historically, SNI implementations have been affected by vulnerability classes including remote code execution, cross-site scripting, and privilege escalation due to parsing flaws and buffer overflows. Notable security characteristics include its susceptibility to downgrade attacks and information leakage through improper validation. While no major incidents have been widely documented, the three CVEs associated with SNI highlight risks in server-side implementations, particularly in web servers and reverse proxies that fail to properly handle malformed SNI data, potentially exposing systems to compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-39915 | Authenticated remote code execution in Thruk — Thruk (CWE-94) | 10.0 | Critical | 2024-07-15 |
| CVE-2024-23822 | Thruk Incorrect limitation of a pathname to a restricted directory (Path Traversal) (CWE-22) — Thruk (CWE-22) | 5.4 | Medium | 2024-01-29 |
| CVE-2023-34096 | Thruk has Path Traversal Vulnerability in panorama.pm — Thruk (CWE-22) | 6.5 | Medium | 2023-06-08 |
This page lists every published CVE security advisory associated with sni. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.