Lucene search
+L

153 matches found

amazon
amazon
added 2025/07/10 12:0 a.m.5 views

Medium: runc

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS
Exploits0
amazon
amazon
added 2025/07/10 12:0 a.m.3 views

Medium: containerd

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS
Exploits0
nessus
nessus
added 2025/07/10 12:0 a.m.5 views

Amazon Linux 2023 : nerdctl (ALAS2023-2025-1075)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1075 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References6
nessus
nessus
added 2025/07/10 12:0 a.m.6 views

Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1079)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1079 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References6
nessus
nessus
added 2025/07/10 12:0 a.m.4 views

Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1073)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1073 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References6
nessus
nessus
added 2025/07/10 12:0 a.m.17 views

Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-1076)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1076 advisory. Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which a...

7.5CVSS6.5AI score0.0056EPSS
Exploits0References6
amazon
amazon
added 2025/07/10 12:0 a.m.8 views

Medium: docker

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS
Exploits0
redhat
redhat
added 2025/07/09 12:58 a.m.9 views

crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509

A flaw was found in Go's crypto/x509 package. This vulnerability allows improper certificate validation, bypassing policy constraints via using ExtKeyUsageAny in VerifyOptions.KeyUsages...

7.5CVSS5.7AI score0.00311EPSS
Exploits0References8
nessus
nessus
added 2025/07/07 12:0 a.m.5 views

TencentOS Server 4: golang (TSSA-2025:0500)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0500 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.5CVSS7AI score0.00311EPSS
Exploits0References2
amazon
amazon
added 2025/06/23 12:0 a.m.4 views

Medium: golang

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS6.8AI score0.0056EPSS
Exploits0
amazon
amazon
added 2025/06/23 12:0 a.m.8 views

Medium: golang

Issue Overview: Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon. CVE-2025-22874 Proxy-Authorization and Proxy-Authenticate headers...

7.5CVSS7.1AI score0.0056EPSS
Exploits0
osv
osv
added 2025/06/14 5:46 a.m.28 views

BIT-GOLANG-2025-22874 Usage of ExtKeyUsageAny disables policy validation in crypto/x509

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS7.8AI score0.00311EPSS
Exploits0References5
osv
osv
added 2025/06/11 5:15 p.m.1 views

DEBIAN-CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS7.6AI score0.00311EPSS
Exploits0References1
osv
osv
added 2025/06/11 5:15 p.m.7 views

AZL-63872 CVE-2025-22874 affecting package msft-golang for versions less than 1.24.1-3

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS6.9AI score0.00311EPSS
Exploits0References1
osv
osv
added 2025/06/11 5:15 p.m.6 views

CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.8AI score
Exploits0References4
osv
osv
added 2025/06/11 5:15 p.m.5 views

AZL-72104 CVE-2025-22874 affecting package golang for versions less than 1.24.4-1

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS6.9AI score0.00311EPSS
Exploits0References1
nvd
nvd
added 2025/06/11 5:15 p.m.15 views

CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS0.00311EPSS
Exploits0References4
osv
osv
added 2025/06/11 5:15 p.m.6 views

UBUNTU-CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.5CVSS6.9AI score0.00311EPSS
Exploits0References2
cve
cve
added 2025/06/11 4:42 p.m.240 views

CVE-2025-22874

CVE-2025-22874 is confirmed in multiple advisories (ALAS/AL2/ECS) tied to Go crypto/X509 verification where Verify with VerifyOptions.KeyUsages containing ExtKeyUsageAny disables policy validation for some certificate chains with policy graphs. Concrete affected packages include amazon-ssm-agent ...

7.5CVSS7.1AI score0.00311EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/06/11 4:42 p.m.4 views

CVE-2025-22874 Usage of ExtKeyUsageAny disables policy validation in crypto/x509

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon...

7.1AI score0.00311EPSS
Exploits0References4
Rows per page
Query Builder