Lucene search
K

43 matches found

OpenVAS
OpenVAS
added 2026/04/02 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2026-efe3ef6f55)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9AI score
Exploits0References2
OpenVAS
OpenVAS
added 2026/04/02 12:0 a.m.6 views

Fedora: Security Advisory (FEDORA-2026-334414b5e8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/02 12:0 a.m.10 views

Fedora 43 : rust-rustls-webpki (2026-efe3ef6f55)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-efe3ef6f55 advisory. Update to version 0.103.10. Addresses RUSTSEC-2026-0049. ---- Update to version 0.103.9. Tenable has extracted the preceding description block directly from...

6AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/03/20 9:51 p.m.3 views

webpki-roots (>=0.26.0-alpha.0 <=0.26.0-alpha.1) potentially affected by unknown CVE via rustls-webpki (=0.102.8)

rustls-webpki CARGO version =0.102.8 is affected by a known vulnerability. The following packages have a transitive dependency on rustls-webpki and may be impacted: - webpki-roots =0.26.0-alpha.0, =0.26.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:GHSA-PWJX-QHCG-RVJ4...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/20 9:51 p.m.7 views

GHSA-PWJX-QHCG-RVJ4 webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored. The impact was that correct provided CRLs would...

4.4CVSS5.8AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/20 8:35 p.m.4 views

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:GHSA-9F94-5G5W-GF6R...

9.1CVSS5.8AI score0.00252EPSS
Exploits0
OSV
OSV
added 2026/03/20 12:0 p.m.7 views

RUSTSEC-2026-0049 CRLs not considered authoritative by Distribution Point due to faulty matching logic

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored. The impact was that correctly provided CRLs wou...

5.8AI score
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/20 12:0 p.m.3 views

webpki-roots (>=0.26.0-alpha.0 <=0.26.0-alpha.1) potentially affected by unknown CVE via rustls-webpki (=0.102.8)

rustls-webpki CARGO version =0.102.8 is affected by a known vulnerability. The following packages have a transitive dependency on rustls-webpki and may be impacted: - webpki-roots =0.26.0-alpha.0, =0.26.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0049...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/19 12:0 p.m.3 views

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-4428 via aws-lc-sys (=0.21.0)

aws-lc-sys CARGO version =0.21.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-lc-sys and may be impacted: - jsonwebtoken-aws-lc =9.3.0 - jwts =0.5.0, =0.102.6, =0.20.0, =0.31.0 Source cves: CVE-2026-4428 Source advisory: OSV:RUSTSEC-2026-0048...

9.1CVSS5.8AI score0.00252EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/03 8:9 p.m.2 views

jsonwebtoken-aws-lc (=9.3.0), jwts (>=0.5.0 <=0.5.1) +2 more potentially affected by CVE-2026-3337 via aws-lc-sys (>=0.14.1 <=0.21.0)

aws-lc-sys CARGO version =0.14.1, =0.5.0, =0.102.2, =0.20.0, =0.31.0 Source cves: CVE-2026-3337 Source advisory: OSV:GHSA-65P9-R9H6-22VJ...

8.2CVSS7.4AI score0.01079EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.8 views

Fedora 39 : rust-rustls-webpki (2023-4ae90bc849)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-4ae90bc849 advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...

5.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2023/09/16 12:0 a.m.8 views

Fedora: Security Advisory (FEDORA-2023-4ae90bc849)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2023/09/02 12:0 a.m.8 views

Fedora: Security Advisory for rust-rustls-webpki (FEDORA-2023-7cb316a73b)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
OpenVAS
OpenVAS
added 2023/09/02 12:0 a.m.6 views

Fedora: Security Advisory for rust-rustls-webpki (FEDORA-2023-6ef5f2fbf3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.9 views

Fedora 38 : rust-rustls-webpki (2023-7cb316a73b)

The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-7cb316a73b advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...

5.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/09/01 12:0 a.m.11 views

Fedora 37 : rust-rustls-webpki (2023-6ef5f2fbf3)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-6ef5f2fbf3 advisory. Update to version 0.100.2. This includes a fix for RUSTSEC-2023-0053 denial-of-service via crafted certificate chains. Tenable has extracted the preceding...

5.6AI score
Exploits0References1
OSV
OSV
added 2023/08/25 12:12 a.m.14 views

GHSA-8QV2-5VQ6-G2G7 webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in...

7.5CVSS7AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/08/25 12:12 a.m.26 views

webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. This was previously reported in...

6.8AI score
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/08/24 10:18 p.m.11 views

ntpd has Dependency on Vulnerable Third-Party Component

During startup, an attacker that can man-in-the-middle traffic to and from NTS key exchange servers can trigger a very expensive key validation process due to a vulnerability in webpki. Impact This vulnerability can lead to excessive cpu usage on startup on clients configured to use NTS Patches...

6.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2023/08/22 6:6 p.m.24 views

GHSA-FH2R-99Q2-6MMG rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.5CVSS7AI score
Exploits0References5
Rows per page
Query Builder