Lucene search
K

164 matches found

OSV
OSV
added 4 days ago7 views

RLSA-2026:34357 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint CVE-2026-42154 github.com/prometheus/prometheus:...

8.2CVSS7.3AI score0.00939EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 9:16 p.m.8 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

4.3CVSS0.00074EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:16 p.m.3 views

UBUNTU-CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

4.3CVSS5.8AI score0.00074EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 8:38 p.m.9 views

EUVD-2026-39560

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS5.8AI score0.00074EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:38 p.m.7 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS5.8AI score0.00074EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 8:38 p.m.18 views

CVE-2026-6412

Technical details about CVE-2026-6412 are not publicly available in the provided documents. Monitor for updates from the cited sources (WolfSSL, NVD, Debian tracker, CVE List, OSV, EUVD, etc.).

4.3CVSS5.8AI score0.00074EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:38 p.m.25 views

CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS0.00074EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/25 8:38 p.m.6 views

CVE-2026-6412

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

4.3CVSS5.8AI score0.00074EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/25 5:32 p.m.3 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS7.1AI score0.00939EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52584

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description There are certificate policy and RFC 8446 compliance concerns due to the continued acceptance of SHA-1 and MD5 hashing algorithms during certificate processing...

4.3CVSS5.7AI score0.00074EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

RHEL 9 : buildah (RHSA-2026:29455)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29455 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

9.1CVSS7.3AI score0.00728EPSS
Exploits0References14
RedHat Linux
RedHat Linux
added 2026/06/23 2:26 a.m.19 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.3 views

Siemens SIMATIC S7-1500 TM MFP NULL Pointer Dereference (CVE-2026-28388)

Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed a NULL pointer dereference might happen if the required CRL Number extension is missing. Impact summary: A NULL pointer dereference can trigger a crash which leads to a Denial of Service for an application...

7.5CVSS7.6AI score0.00885EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.4 views

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2025-69421)

Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex function does not check whether...

7.5CVSS7.8AI score0.00844EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.13 views

RockyLinux 9 : podman (RLSA-2026:26447)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:26447 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

7.5CVSS5.5AI score0.00621EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.16 views

SUSE CVE-2026-7383

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

5.9CVSS6.3AI score0.00358EPSS
Exploits0References20
EUVD
EUVD
added 2026/06/09 6:31 p.m.14 views

EUVD-2026-35474

Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1mbstringncopy can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may lead to a crash or possibly attacker controlled code execution or other undefined behaviour. In...

8.1CVSS6.3AI score0.00358EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/08 1:35 p.m.9 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS5.4AI score0.00615EPSS
Exploits0References8
OSV
OSV
added 2026/05/21 9:23 a.m.7 views

CLSA-2026-1779355433 Fix CVE(s): CVE-2026-3833

SECURITY UPDATE: nameConstraints case-sensitive comparison bypass - debian/patches/CVE-2026-3833.patch: perform case-insensitive comparison of dNSName and rfc822Name domain labels in X.509 nameConstraints processing, fixing excludedSubtrees / permittedSubtrees bypass via letter-casing in the SAN....

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/20 1:17 p.m.12 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS7.2AI score0.00615EPSS
Exploits0References8
Rows per page
Query Builder