Lucene search
K

37 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in libidn2

GNU libidn2 before version 2.2.0 fails to perform the round-trip checks specified in RFC3490, Section 4.2, when converting A-labels to U-labels. This allows, under certain circumstances, one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...

7.5CVSS7AI score0.0279EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/13 2:29 a.m.19 views

SUSE CVE-2026-9648

The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA's permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

certificate handling for haskell 安全漏洞

Certificate Handling for Haskell is a X509 certificate processing and verification tool developed by Kazu Yamamoto. There are security vulnerabilities in Certificate Handling for Haskell. These vulnerabilities stem from the lack of enforcement of X.509 name constraints. This may allow TLS clients...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-9648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names...

9.1CVSS5.9AI score0.00223EPSS
Exploits0References3
CERT
CERT
added 2026/06/11 12:0 a.m.8 views

crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints

Overview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key security feature...

9.1CVSS5.3AI score0.00223EPSS
Exploits0References5
CVE
CVE
added 2025/12/10 11:27 a.m.20 views

CVE-2025-13953

CVE-2025-13953 describes a bypass of the authentication method in the GTT Tax Information System (GTT Sistema de Información Tributario) due to improper validation of data received over a local WebSocket used for LDAP-based login. The root cause is insufficient verification of authenticity/origin...

9.3CVSS6.3AI score0.0041EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2019-12290)

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...

7.5CVSS7AI score0.0279EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2019-3931

Malware in sbrugna...

7.5CVSS7.6AI score0.0279EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-23963

Malware in sbrugna...

5.9CVSS5.7AI score0.00832EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-12290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in...

7.5CVSS7.1AI score0.0279EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 p.m.5 views

CVE-2020-36477

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name the cn argument of mbedtlsx509crtverify with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to an...

5.9CVSS6.7AI score0.00832EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/08/02 12:55 p.m.38 views

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/05/31 4:3 p.m.5 views

pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS5.7AI score0.00227EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/05/07 12:0 a.m.19 views

EulerOS Virtualization 3.0.2.0 : libidn2 (EulerOS-SA-2023-1735)

According to the versions of the libidn2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to...

7.5CVSS7.2AI score0.0279EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.2 views

SUSE CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...

4.3CVSS8.3AI score0.01356EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:12 a.m.4 views

SUSE CVE-2019-11721

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...

6.5CVSS8AI score0.01393EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.3 views

SUSE CVE-2019-12290

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...

6.5CVSS6.9AI score0.0279EPSS
Exploits0References50
Positive Technologies
Positive Technologies
added 2022/05/03 12:0 a.m.4 views

PT-2022-3135 · Microsoft · File Server Shadow Copy Agent Service +1

Name of the Vulnerable Software and Affected Versions: Microsoft File Server Shadow Copy Agent Service RVSS affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft File Server Shadow Copy Agent Service RVSS, which can be exploited by ...

5.3CVSS9.3AI score0.01526EPSS
Exploits0References10
Prion
Prion
added 2021/08/23 2:15 a.m.16 views

Code injection

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name the cn argument of mbedtlsx509crtverify with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to an...

4.3CVSS5.8AI score0.00832EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2021/08/23 12:0 a.m.67 views

CVE-2020-36477

CVE-2020-36477 affects Mbed TLS up to version 2.24.0. The issue: when verifying X.509 certificates, the expected name is incorrectly compared to any name in the subjectAltName extension, regardless of type. This enables an attacker to impersonate a 4-byte or 16-byte domain by obtaining a certific...

5.9CVSS5.8AI score0.00832EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder