125 matches found

Tenable Nessus
added 5 days ago, 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-6412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. CVE-2026-6412 Note that Nessus...

CVSS 4.3, AI score 6, EPSS 0.00074
Exploits: 0, References: 3
OSV
added 2026/06/25 9:16 p.m., 2 views

DEBIAN-CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 4.3, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 1
NVD
added 2026/06/25 9:16 p.m., 6 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 4.3, EPSS 0.00074
Exploits: 0, References: 2
Cvelist
added 2026/06/25 8:38 p.m., 20 views

CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 2.3, EPSS 0.00074
Exploits: 0, References: 2
Debian CVE
added 2026/06/25 8:38 p.m., 4 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 4.3, AI score 5.8, EPSS 0.00074
Exploits: 0
CVE
added 2026/06/25 8:38 p.m., 14 views

CVE-2026-6412

Technical details about CVE-2026-6412 are not publicly available in the provided documents. Monitor for updates from the cited sources (WolfSSL, NVD, Debian tracker, CVE List, OSV, EUVD, etc.).

CVSS 4.3, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 2, Affected Software: 1
ATTACKERKB
added 2026/06/25 8:38 p.m., 6 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 2.3, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2026/06/25 8:38 p.m., 8 views

EUVD-2026-39560

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

CVSS 2.3, AI score 5.8, EPSS 0.00074
Exploits: 0, References: 2
Positive Technologies
added 2026/06/25 12:0 a.m., 8 views

PT-2026-52584

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: There are certificate policy and RFC 8446 compliance concerns due to the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing...

CVSS 4.3, AI score 5.7, EPSS 0.00074
Exploits: 0, References: 7
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in OpenSSL

Applications that use non-default options when verifying certificates may be vulnerable to attacks from a malicious Certificate Authority (CA) to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL, and other certificate policy checks for tho...

CVSS 5.3, AI score 6.6, EPSS 0.01583
Exploits: 0, References: 2
OSV
added 2026/05/15 2:2 p.m., 6 views

OESA-2026-2333 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, and other...

CVSS 9.8, AI score 6, EPSS 0.01335
Exploits: 1, References: 10
OSV
added 2026/05/15 8:5 a.m., 5 views

CLSA-2026-1778832314 Fix CVE(s): CVE-2026-3833

SECURITY UPDATE: Certificate policy bypass via case-sensitive nameConstraints - debian/patches/CVE-2026-3833.patch: replace memcmp with c_strncasecmp in ends_with, email_ends_with, dnsname_matches and email_matches in lib/x509/name_constraints.c so DNS labels and email domains are compared...

CVSS 7.4, AI score 5.8, EPSS 0.00566
Exploits: 1, References: 1
Amazon
added 2026/05/14 12:0 a.m., 22 views

Medium: runfinch-finch

Issue Overview: SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. (CVE-2025-47913) Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a...

CVSS 9.8, AI score 7, EPSS 0.00621
Exploits: 1
Tenable Nessus
added 2026/05/14 12:0 a.m., 7 views

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-116 (ALASDOCKER-2026-116)

The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-116 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

CVSS 9.8, AI score 6, EPSS 0.00621
Exploits: 0, References: 18
Tenable Nessus
added 2026/04/30 12:0 a.m., 6 views

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-111 (ALASDOCKER-2026-111)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-111 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

CVSS 9.8, AI score 8, EPSS 0.08123
Exploits: 1, References: 20
Amazon
added 2026/04/30 12:0 a.m., 15 views

Important: containerd

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

CVSS 9.8, AI score 6.6, EPSS 0.00651
Exploits: 0
OSV
added 2026/04/27 6:33 p.m., 14 views

JLSEC-2026-237 The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate...

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

CVSS 5.3, AI score 6.3, EPSS 0.01625
Exploits: 0, References: 13
Tenable Nessus
added 2026/01/20 12:0 a.m., 2 views

MiracleLinux 7 : openssl-1.0.2k-26.0.1.el7.AXS7 (AXSA:2024-8619:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8619:05 advisory. CVE-2023-0215: bio_ndef: fix a UAF resulting from a bug in BIO_new_NDEF; CVE-2023-0464: x509v3: Limit X.509 certificate tree size to avoid exponential u...

CVSS 7.5, AI score 6.7, EPSS 0.04494
Exploits: 0, References: 3
OSV
added 2025/12/16 2:21 p.m., 6 views

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfs_match_client(). If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the cert_serial and privkey_serial fields need to match as well since they define the client's identity, as...

AI score 6.3, EPSS 0.00096
Exploits: 0, References: 5
IBM Security Bulletins
added 2025/10/28 5:59 a.m., 8 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary: Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0. Vulnerability Details: CVEID: CVE-2024-23337. DESCRIPTION: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, t...

CVSS 9.4, AI score 7.8, EPSS 0.01735
Exploits: 6, Affected Software: 1