18 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-12340
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier...
PT-2026-52572
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where an un-negotiated Raw Public Key RPK, as defined in RFC 7250, is accepted instead of an X.509 certificate, allowing the bypass of chain...
Erlang/OTP 17.0 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 Certificate Chain Forgery (CVE-2026-42789)
The version of Erlang/OTP installed on the remote host is 17.0 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey...
EUVD-2026-32558
Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...
EUVD-2026-24609
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...
ALPINE-CVE-2026-31789
Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...
MiracleLinux 8 : nodejs:16 (AXSA:2023-6328:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6328:01 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...
EUVD-2021-28011
Malicious code in bioql PyPI...
Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
...
SUSE CVE-2025-24032
PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...
XWiki 加密问题漏洞
Xwiki Platform is a set of wiki platforms for creating web collaboration applications from the French company Xwiki. security vulnerabilities exist in versions of XWiki prior to 13.10.6, 14.3.1 and 14.4-rc-1. X509 certificate with RSA, there is a risk of conflict with SHA1. No details of the...
CVE-2021-40855
The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production...
Code injection
The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production...
PT-2019-2636 · Jenkins · Jenkins Credentials Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 2.1.18 and earlier Description: The issue allows users with permission to create or update credentials to confirm the existence of files on the Jenkins master with an attacker-specified path and obtain the...
strongSwan x509 Plugin Denial of Service (CVE-2017-9023)
A denial-of-service vulnerability exists in strongSwan. The vulnerability is due to improper parsing of various X.509 certificate extensions using ASN.1 CHOICE and SEQUENCE types within the X.509 and ASN.1 parsers. A remote attacker can exploit this vulnerability by sending a crafted public key...
Apache HTTPD Information Disclosure Vulnerability
Apache HTTP Server is an open source web server from the Apache Software Foundation. Apache HTTPD Web Server 2.4.18-2.4.20 fails to properly validate X509 client certificates for resource access over HTTP/2. This could allow third parties to access web server resources without credentials, leadin...
DEBIAN-CVE-2016-1950
Heap-based buffer overflow in Mozilla Network Security Services NSS before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate...
sendmail: incorrect verification of SSL certificate with NUL in name
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name CN field of an X.509 certificate, which 1 allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and 2 allows...