229 matches found
CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
UBUNTU-CVE-2025-12893
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
CVE-2025-12893 Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
EUVD-2025-199532
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
CVE-2025-12893 Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
CVE-2025-12893
CVE-2025-12893 affects MongoDB Server: vulnerable EKU handling allows TLS handshakes when client/server certificates have EKU fields that don’t match documented clientAuth/serverAuth, on Windows/Apple (Linux validation is correct). Impact is limited to specific MongoDB server lines: v7.0 before 7...
Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server
Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usage EKU requirements. A certificate that specifies extendedKeyUsage but is missing extendedKeyUsage = clientAuth may still be successfully...
PT-2025-47988
Name of the Vulnerable Software and Affected Versions MongoDB Server versions prior to 7.0.26 MongoDB Server versions prior to 8.0.16 MongoDB Server versions prior to 8.2.2 Description A MongoDB server may incorrectly establish TLS handshakes with clients or servers presenting certificates that d...
MongoDB Server 安全漏洞
MongoDB Server is a set of open source NoSQL databases from the American company MongoDB. The database provides collection-oriented storage, dynamic querying, data replication and automatic failover. A security vulnerability exists in MongoDB Server versions v7.0 through 7.0.26 prior, v8.0 throug...
CLSA-2025-1763647564 xorg-x11-server-Xwayland: Fix of 3 CVEs
CVE-2024-0409: fix incorrect cursor private key usage in Xwayland/Xephyr that caused XSELINUX devPrivates corruption - CVE-2025-26597: fix buffer overflow in XkbChangeTypesOfKey by properly resizing key syms and actions when nGroups is zero - CVE-2025-26594: fix root cursor lifetime handling to...
CVE-2025-2529
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from malicious external parties in an unfiltered/unsalted way...
Medium: amazon-ecr-credential-helper
Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...
EUVD-2016-7764
Malware in sbrugna...
EUVD-2010-0556
Malware in sbrugna...
EUVD-2014-2926
Malware in sbrugna...
EUVD-2021-2000
Malware in sbrugna...
EUVD-2013-5446
Malware in sbrugna...
EUVD-2019-7469
Malware in sbrugna...
EUVD-2019-5259
Malware in sbrugna...
EUVD-2024-52172
Malicious code in bioql PyPI...