526 matches found
UBUNTU-CVE-2026-33308
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308
CVE-2026-33308 affects mod_gnutls, a TLS module for Apache HTTPD based on GnuTLS. Prior to 0.13.0, the client-certificate verification code did not enforce the Extended Key Usage EKU key purpose; if an attacker possessed the private key of a valid certificate from a trusted CA but intended for a ...
EUVD-2026-14694
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification
Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...
mod_gnutls 信任管理问题漏洞
modgnutls is a GnuTLS-based TLS module for Apache HTTPD developed by Airtower developers. Versions of modgnutls prior to 0.13.0 had a trust management vulnerability. This vulnerability stemmed from the lack of checking extended key usages during client certificate verification, which could lead t...
GHSA-HFFM-G8V7-WRV7 Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed
Summary Two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA,...
CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...
CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...
Caddy 安全漏洞
Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities were caused by two ignored errors in the ClientAuthentication.provision function, which led to a silent failure in mT...
GO-2026-4530 Traefik affected by TLS ClientAuth Bypass on HTTP/3 in github.com/traefik/traefik
Traefik affected by TLS ClientAuth Bypass on HTTP/3 in github.com/traefik/traefik...
Traefik affected by TLS ClientAuth Bypass on HTTP/3
Summary There is a potential vulnerability in Traefik managing HTTP/3 connections. More details in the CVE-2025-68121. Patches - https://github.com/traefik/traefik/releases/tag/v2.11.37 - https://github.com/traefik/traefik/releases/tag/v3.6.8 Workarounds No workaround For more information If you...
Apache Tomcat 10.1.0.M1 < 10.1.50 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 10.1.50. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat10.1.50security-10 advisory. - Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through...
CVE-2025-66614
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL...
Advisory ROSA-SA-2026-3152
Software: libssh 0.9.6 OS: ROSA Virtualization 3.1 unaffected versions = libssh-0.9.6-16.rv31 affected versions libssh-0.9.6-16.rv31 CVE-ID: CVE-2025-5318 BDU-ID: 2025-09008 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the sftphandle function of the LibSSH library involves reading data outside ...
MiracleLinux 9 : keylime-7.12.1-11.el9_7.4 (AXSA:2026-165:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-165:01 advisory. keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 Tenable has...
ALSA-2026:2225 Critical: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...