Lucene search
K

100 matches found

SUSE CVE
SUSE CVE
added 2026/04/09 11:26 p.m.4 views

SUSE CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References3
NVD
NVD
added 2026/04/08 4:16 p.m.7 views

CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS0.00188EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/24 11:49 a.m.7 views

CVE-2026-33308

A flaw was found in modgnutls, a TLS module for Apache HTTPD. Prior to version 0.13.0, the module's client certificate verification process did not properly validate the key purpose specified in the Extended Key Usage EKU extension. This oversight could allow a remote attacker, possessing a valid...

6.8CVSS5.8AI score0.00205EPSS
Exploits0References2
NVD
NVD
added 2026/03/24 3:16 a.m.6 views

CVE-2026-33308

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS0.00205EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/24 3:16 a.m.3 views

CVE-2026-33308

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS5.8AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2026/03/24 3:16 a.m.21 views

UBUNTU-CVE-2026-33308

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS5.8AI score0.00205EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 1:36 a.m.1 views

CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS5.9AI score0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 1:36 a.m.4 views

CVE-2026-33308

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/24 1:36 a.m.6 views

EUVD-2026-14694

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS5.9AI score0.00205EPSS
Exploits0References1
OSV
OSV
added 2026/03/24 1:36 a.m.3 views

CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS5.9AI score0.00205EPSS
Exploits0References3
CVE
CVE
added 2026/03/24 1:36 a.m.17 views

CVE-2026-33308

CVE-2026-33308 affects mod_gnutls, a TLS module for Apache HTTPD based on GnuTLS. Prior to 0.13.0, the client-certificate verification code did not enforce the Extended Key Usage EKU key purpose; if an attacker possessed the private key of a valid certificate from a trusted CA but intended for a ...

6.8CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/03/24 1:36 a.m.26 views

CVE-2026-33308 mod_gnutls missing key purpose check in client certificate verification

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. Prior to version 0.13.0, code for client certificate verification did not check the key purpose as set in the Extended Key Usage extension. An attacker with access to the private key for a valid certificate issued by a CA trusted for TLS...

6.8CVSS0.00205EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 1:37 p.m.4 views

USN-7961-1 erlang vulnerability

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...

5.5CVSS5.8AI score0.00251EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/01/14 1:37 p.m.7 views

USN-7961-1: Erlang vulnerability

It was discovered that Erlang incorrectly validated peer certificates when incorrect extended key usage was presented. A remote attacker could possibly use this issue to bypass SSL key usage restrictions...

5.5CVSS5.7AI score0.00251EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.4 views

CVE-2023-40012

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

7.5CVSS7AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2025/12/06 11:42 a.m.5 views

BIT-MONGODB-2025-12893 Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.3AI score0.00084EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

FreeBSD : MongoDB Server -- Improper Certificate Validation (d2f2c691-cd42-11f0-85d4-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d2f2c691-cd42-11f0-85d4-b42e991fc52e advisory. https://jira.mongodb.org/browse/SERVER-105783 reports: Clients may successfully perform a TLS handshake...

5.4CVSS5.4AI score0.00084EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-12893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usa...

5.4CVSS6AI score0.00084EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/11/26 5:57 p.m.8 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS6.4AI score0.00084EPSS
Exploits0References1
NVD
NVD
added 2025/11/25 5:15 a.m.9 views

CVE-2025-12893

Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...

5.4CVSS0.00084EPSS
Exploits0References1
Rows per page
Query Builder