37 matches found
Astra Linux – Vulnerability in libidn2
GNU libidn2 before version 2.2.0 fails to perform the round-trip checks specified in RFC3490, Section 4.2, when converting A-labels to U-labels. This allows, under certain circumstances, one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
SUSE CVE-2026-9648
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA's permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...
certificate handling for haskell 安全漏洞
Certificate Handling for Haskell is a X509 certificate processing and verification tool developed by Kazu Yamamoto. There are security vulnerabilities in Certificate Handling for Haskell. These vulnerabilities stem from the lack of enforcement of X.509 name constraints. This may allow TLS clients...
Linux Distros Unpatched Vulnerability : CVE-2026-9648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names...
crypton-x509-validation Haskell libraries do not enforce X.509 NameConstraints
Overview A vulnerability has been discovered in the Haskell TLS software stack, commonly used by applications built in the Haskell programming language to securely connect to servers over the internet. Specifically, the libraries "crypton-x509-validation" fail to enforce a key security feature...
CVE-2025-13953
CVE-2025-13953 describes a bypass of the authentication method in the GTT Tax Information System (GTT Sistema de Información Tributario) due to improper validation of data received over a local WebSocket used for LDAP-based login. The root cause is insufficient verification of authenticity/origin...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2019-12290)
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
EUVD-2019-3931
Malware in sbrugna...
EUVD-2020-23963
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-12290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in...
CVE-2020-36477
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name the cn argument of mbedtlsx509crtverify with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to an...
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods...
pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...
EulerOS Virtualization 3.0.2.0 : libidn2 (EulerOS-SA-2023-1735)
According to the versions of the libidn2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to...
SUSE CVE-2018-12399
When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...
SUSE CVE-2019-11721
The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...
SUSE CVE-2019-12290
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the...
PT-2022-3135 · Microsoft · File Server Shadow Copy Agent Service +1
Name of the Vulnerable Software and Affected Versions: Microsoft File Server Shadow Copy Agent Service RVSS affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft File Server Shadow Copy Agent Service RVSS, which can be exploited by ...
Code injection
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name the cn argument of mbedtlsx509crtverify with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to an...
CVE-2020-36477
CVE-2020-36477 affects Mbed TLS up to version 2.24.0. The issue: when verifying X.509 certificates, the expected name is incorrectly compared to any name in the subjectAltName extension, regardless of type. This enables an attacker to impersonate a 4-byte or 16-byte domain by obtaining a certific...