Lucene search
K

9 matches found

OSV
OSV
added 2026/02/03 9:51 a.m.12 views

CLSA-2026-1770112258 golang: Fix of CVE-2025-61729

CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs...

7.5CVSS7.2AI score0.00459EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : nodejs:16 (AXSA:2022-4547:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4547:01 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-4453...

9.8CVSS6.8AI score0.21514EPSS
Exploits3References8
OSV
OSV
added 2025/12/06 11:38 a.m.2 views

BIT-ENVOY-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches...

7.1CVSS6.8AI score0.00164EPSS
Exploits1References2
OSV
OSV
added 2025/12/05 6:14 p.m.1 views

GHSA-RWJG-C3H2-F57P Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Summary Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches. Details This occurs when the SAN is encoded as a BMPSTRING or UNIVERSALSTRING, and its UTF-8 conversion...

5CVSS6.8AI score0.00164EPSS
Exploits1References3
OSV
OSV
added 2025/12/03 6:31 p.m.5 views

CVE-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches...

5CVSS6.8AI score0.00164EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.9 views

SUSE CVE-2021-44532

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs Subject Alternative Names to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used withi...

5.9CVSS7AI score0.10364EPSS
Exploits1References11
CNNVD
CNNVD
added 2022/02/22 12:0 a.m.5 views

Envoy 信任管理问题漏洞

Envoy is an open source distributed proxy server. Envoy has a trust management issue vulnerability that stems from a type confusion error in the defaultvalidator.cc implementation used to implement the default certificate validation routines when handling subjectAltNames. no details of the...

7.4CVSS5.6AI score0.00768EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2013/04/09 12:0 a.m.274 views

SSL/TLS: Collect and Report Certificate Details

This script collects and reports the details of all SSL/TLS certificates. This data will be used by other tests to verify server certificates. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

5.7AI score
Exploits0
OSV
OSV
added 2010/08/05 6:17 p.m.2 views

DEBIAN-CVE-2010-2547

Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...

8.1CVSS8AI score0.05342EPSS
Exploits0References1
Rows per page
Query Builder