Lucene search
K

100 matches found

Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40700

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/01 2:12 a.m.11 views

SUSE CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.3AI score0.00155EPSS
Exploits1References3
OSV
OSV
added 2026/04/29 9:16 p.m.9 views

DEBIAN-CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.3AI score0.00155EPSS
Exploits1References1
NVD
NVD
added 2026/04/29 9:16 p.m.8 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.00155EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/04/29 9:16 p.m.6 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.00155EPSS
Exploits1References1
OSV
OSV
added 2026/04/29 9:16 p.m.7 views

UBUNTU-CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.00155EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/29 8:15 p.m.5 views

CVE-2026-1858 wget2 Improper Certificate Validation

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.2AI score0.00155EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/29 8:15 p.m.35 views

CVE-2026-1858 wget2 Improper Certificate Validation

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS0.00155EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:15 p.m.4 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.2AI score0.00155EPSS
Exploits1References2
CVE
CVE
added 2026/04/29 8:15 p.m.18 views

CVE-2026-1858

CVE-2026-1858 involves wget2 accepting a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). The published description states that if an attacker compromises a certificate (and its private key) that was issued for a different purpose, that certificate may be reusable for...

4.8CVSS5.2AI score0.00155EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/04/29 8:15 p.m.7 views

EUVD-2026-26285

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.2AI score0.00155EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/04/29 8:15 p.m.6 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.00155EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.11 views

SUSE CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 8:18 p.m.11 views

GHSA-9QQ8-CGCV-QMC9 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 8:18 p.m.6 views

EUVD-2026-21506

Step CA affected by an index out of bounds panic in TPM attestation EKU validation...

3.7CVSS5.8AI score0.00181EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/10 8:18 p.m.7 views

Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/04/10 6:8 p.m.3 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index of tcg-kp-AIKCertificate Extended Key Usage OID during TPM device attestation. An attacker can cause a panic and disrupt service availability by submitting a crafted attestation key certificate with an...

6.3CVSS5.8AI score0.00181EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 4:34 p.m.34 views

CVE-2026-40097 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

3.7CVSS0.00181EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 4:34 p.m.17 views

CVE-2026-40097

CVE-2026-40097 affects Step CA (online CA for secure, automated certificate management). From version 0.24.0 up to before 0.30.0-rc3, an attacker can trigger an index-out-of-bounds panic during TPM device attestation by sending a crafted attestation key certificate with an empty EKU extension. Sp...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.3 views

PT-2026-31991

Name of the Vulnerable Software and Affected Versions Step CA versions 0.24.0 through 0.30.0-rc3 Description An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device...

3.7CVSS5.9AI score0.00181EPSS
Exploits0References11
Rows per page
Query Builder