Lucene search
K

23 matches found

CVE
CVE
added yesterday12 views

CVE-2026-54774

CoreWCF (CoreWCF.Primitives and related components) is affected by CVE-2026-54774 where SamlSerializer may skip final SignatureValue verification when validating SAML tokens signed with a non-X.509 issuer token. The vulnerability arises when an out-of-band token resolver provides a non-X.509 Secu...

7.4CVSS5.9AI score
Exploits0References6
OSV
OSV
added 2026/06/19 8:46 p.m.5 views

GHSA-RPJ7-HR7H-W6P9 CoreWCF: SamlSerializer skips SignatureValue verification when SAML signing token is not an X.509 certificate

Impact When a service is configured to validate SAML tokens using a method other than X.509 certificate signing, the final signature verification is skipped. Preconditions The service is configured to authenticate using SAML tokens and an out of band token resolver commonly the IssuerTokenResolve...

7.4CVSS5.8AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51071

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The SamlSerializer skips the final SignatureValue verification when a service validates SAML tokens using a non-X.509 signing token. This occurs when the service is...

7.4CVSS5.9AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/03 12:19 p.m.10 views

CVE-2026-42789

A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...

8CVSS5.8AI score0.00322EPSS
Exploits0References9
OSV
OSV
added 2026/05/27 2:16 p.m.12 views

DEBIAN-CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

4.8CVSS5.9AI score0.00322EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Erlang/OTP 安全漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by node.js’s built-in APIs. Erlang/OTP has a security vulnerability, which stems from improper trust in the certificate chain within the publickey module. This allows non-CA...

7CVSS5.8AI score0.00322EPSS
Exploits0References6
Veracode
Veracode
added 2025/08/19 8:10 a.m.7 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to Authentication Bypass. The vulnerability is due to improper certificate validation due to accepting non-CA certificates as trusted, allowing attackers to impersonate users with crafted certificates...

6.8CVSS7AI score0.00223EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/08/11 5:24 p.m.2 views

GO-2025-3836 Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault

Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault...

6.8CVSS7.2AI score0.00223EPSS
Exploits0References3
OSV
OSV
added 2025/08/01 5:52 p.m.3 views

CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS6.8AI score0.00223EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/08/01 5:52 p.m.3 views

CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS5.7AI score0.00223EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/04 12:0 a.m.5 views

HashiCorp Vault and HashiCorp Vault Enterprise Security Vulnerabilities

HashiCorp Vault and HashiCorp Vault Enterprise are both products of HashiCorp, Inc. of the U.S. HashiCorp Vault is a private key access management tool.HashiCorp Vault Enterprise is an enterprise information archiving platform. Captures information across all communication platforms - seamlessly...

9.8CVSS8.8AI score0.00447EPSS
Exploits0References2
OSV
OSV
added 2022/04/15 5:15 a.m.3 views

ALPINE-CVE-2022-26498

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

7.5CVSS6.8AI score0.16406EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/04/15 5:15 a.m.6 views

CVE-2022-26498

An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2...

7.5CVSS7.1AI score0.16406EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/04/15 12:0 a.m.1 views

PT-2022-17902 · Asterisk · Asterisk

Name of the Vulnerable Software and Affected Versions: Asterisk versions prior to 16.25.2 Asterisk versions prior to 18.11.2 Asterisk versions prior to 19.3.2 Description: An issue was discovered in Asterisk when using STIR/SHAKEN, allowing the download of files that are not certificates. These...

9.8CVSS8.2AI score0.16406EPSS
Exploits2References64
CNNVD
CNNVD
added 2022/04/15 12:0 a.m.5 views

Asterisk 资源管理错误漏洞

Asterisk is software for a PBX system that runs on Linux and supports IP calls using SIP, IAX, and H323 protocols. Asterisk version 19.x and prior versions STIR/SHAKEN have a resource management error vulnerability that stems from the ability to download files that are not certificates. These fil...

7.5CVSS7AI score0.16406EPSS
Exploits0References11
OSV
OSV
added 2021/03/25 3:15 p.m.2 views

DEBIAN-CVE-2021-3450

The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

7.4CVSS7.3AI score0.18339EPSS
Exploits1References1
OSV
OSV
added 2018/06/12 2:29 p.m.4 views

CVE-2017-3962

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes...

9.8CVSS5.8AI score0.00352EPSS
Exploits0References1
Prion
Prion
added 2018/06/12 2:29 p.m.16 views

Design/Logic Flaw

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes...

5CVSS9.4AI score0.00352EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/06/12 2:0 p.m.22 views

CVE-2017-3962 McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability

Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management NSM before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes...

5.6CVSS9.5AI score0.00352EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/09/28 12:0 a.m.49 views

McAfee Security Scan Plus < 3.11.599.3 LiveSafe Non-certificate-based Authentication HTTP Backend-response Handling MitM Registry Value Manipulation (TS102723)

The version of McAfee Security Scan Plus installed on the remote Windows host is prior to 3.11.599.3. It is, therefore, affected by a flaw in the non-certificate-based authentication mechanism that is triggered during the handling of HTTP backend-responses. This may allow a man-in-the-middle...

9.8CVSS6.9AI score0.11679EPSS
Exploits4References4
Rows per page
Query Builder