Lucene search
K

53 matches found

CVE
CVE
added 2026/06/25 9:31 p.m.19 views

CVE-2026-7532

CVE-2026-7532 describes an IP address name constraints bypass in WolfSSL when WOLFSSL_IP_ALT_NAME is not defined. In this configuration, IP address name constraints are not enforced, allowing a certificate to bypass an issuing CA’s IP address constraints. This affects WolfSSL deployments that rel...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/25 8:17 p.m.4 views

UBUNTU-CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.4 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7.1AI score0.00606EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Golang-1.19, Golang-1.23

A certificate with a URI that has an IPv6 address and a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not allowed in web PKIs; therefore, this only affects users of private PKIs that use URIs...

6.1CVSS6.7AI score0.00458EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/11 12:3 p.m.19 views

osbuild-composer security update

An update is available for osbuild-composer. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A service for building customized OS artifacts, such as VM images an...

10CVSS6.8AI score0.01945EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.14 views

EulerOS Virtualization 2.13.0 : gnutls (EulerOS-SA-2026-2168)

According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory...

5.3CVSS6.8AI score0.00638EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.16 views

RHEL 10 : image-builder (RHSA-2026:22937)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22937 advisory. A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes:...

10CVSS5.7AI score0.01945EPSS
Exploits2References19
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44905

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically...

7.5CVSS5.5AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 10:16 p.m.17 views

CVE-2026-44905

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically...

7.5CVSS0.00202EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: eclipse-ecf (UTSA-2026-016602)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016602 advisory. The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate...

5.8CVSS5.8AI score0.0123EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/19 6:26 p.m.18 views

Important: Red Hat Security Advisory: golang security update

An update for golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1070e Security Update: golang (UTSA-2026-017392)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017392 advisory. A certificate with a URI which has a IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates...

6.1CVSS5.8AI score0.00458EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/13 11:26 p.m.6 views

SUSE CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References3
OSV
OSV
added 2026/04/13 5:43 a.m.9 views

BIT-GOLANG-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References41
OSV
OSV
added 2026/03/30 9:17 p.m.7 views

ALPINE-CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.3AI score0.00158EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/06 9:28 p.m.2 views

CVE-2026-27137

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

7.5CVSS5.8AI score0.00606EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.3 views

Debian dsa-6140 : gnutls-bin - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6140 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6140-1 [email protected]...

5.3CVSS5.6AI score0.00638EPSS
Exploits1References7
SUSE Linux
SUSE Linux
added 2026/02/11 8:32 a.m.5 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session tick...

9.6CVSS5.7AI score0.00765EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/02/09 2:51 p.m.7 views

CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.4AI score0.00638EPSS
Exploits1References28
RedhatCVE
RedhatCVE
added 2026/02/09 2:51 p.m.7 views

CVE-2025-14831

A flaw was found in GnuTLS. This vulnerability allows a denial of service DoS by excessive CPU Central Processing Unit and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names SANs...

5.3CVSS5.4AI score0.00638EPSS
Exploits1References4
Rows per page
Query Builder