Lucene search
K

25 matches found

NVD
NVD
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.5 views

UBUNTU-CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 7:40 p.m.28 views

CVE-2026-10592 Wildcard DNS SAN bypasses CA name-constraint checks

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 7:40 p.m.32 views

CVE-2026-10592

CVE-2026-10592 concerns certificates with wildcard DNS SANs (e.g., *.example.com) bypassing CA name-constraint checks. A wildcard SAN that should be rejected by the issuing CA’s permitted/excluded DNS name constraints could be accepted, enabling potential mis-issuance. The provided documents refe...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/06 9:55 a.m.8 views

EUVD-2026-27655

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References3
OSV
OSV
added 2026/04/13 5:43 a.m.9 views

BIT-GOLANG-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References43
NVD
NVD
added 2026/04/08 2:16 a.m.5 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8CVSS0.0034EPSS
Exploits0References42
ATTACKERKB
ATTACKERKB
added 2026/04/08 1:6 a.m.2 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8CVSS7.1AI score0.0034EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/08 1:6 a.m.115 views

CVE-2026-33810

CVE-2026-33810 affects the Go crypto/x509 certificate chain validation. The issue occurs when verifying a chain with excluded DNS constraints: constraints are not consistently applied to wildcard DNS SANs if the SANs’ case differs from the constraint, which can affect validation of otherwise trus...

8.8CVSS5.9AI score0.0034EPSS
Exploits0References42Affected Software1
OSV
OSV
added 2026/04/08 1:6 a.m.2 views

CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

7.5CVSS7.1AI score0.0034EPSS
Exploits0References45
Snyk
Snyk
added 2026/04/07 10:53 p.m.3 views

Improper Handling of Case Sensitivity

Overview std/crypto/x509 is a Go standard library package std/crypto/x509 Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity. Go Vulnerability Report: When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly...

8.8CVSS5.7AI score0.0034EPSS
Exploits0References3
OSV
OSV
added 2026/01/30 4:20 p.m.18 views

CLEANSTART-2026-PK62208 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the stakater-reloader-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References5
Amazon
Amazon
added 2026/01/07 12:0 a.m.13 views

Medium: golang

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
Amazon
Amazon
added 2026/01/07 12:0 a.m.10 views

Medium: oci-add-hooks

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
Amazon
Amazon
added 2026/01/05 12:0 a.m.6 views

Medium: nerdctl

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.9AI score0.00459EPSS
Exploits2
OSV
OSV
added 2025/12/03 7:37 p.m.3 views

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.com...

6.5CVSS6.9AI score0.00274EPSS
Exploits0References7
OSV
OSV
added 2023/06/29 8:30 p.m.10 views

CLSA-2023-1688070599 Fix CVE(s): CVE-2023-28322, CVE-2023-28321

SECURITY UPDATE: More POST-after-PUT confusion - debian/patches/CVE-2023-28322.patch: fix mess in upload/method handling - CVE-2023-28322 SECURITY UPDATE: incorrect IDN wildcard match - debian/patches/CVE-2023-28321.patch: fix erroneous logic in wildcard handling, drop support for wildcards in th...

5.9CVSS6.8AI score0.02211EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/04 12:0 a.m.5 views

PT-2022-27857 · Mastodon · Mastodon

Name of the Vulnerable Software and Affected Versions: Mastodon versions through 4.0.2 Description: The issue allows attackers to cause a denial of service by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, resulting...

7.5CVSS7.1AI score0.00918EPSS
Exploits1References9
CNNVD
CNNVD
added 2022/12/04 12:0 a.m.5 views

Mastodon 安全漏洞

Mastodon is an open source social networking server based on ActivityPub. A security vulnerability exists in Mastodon 4.0.2 and prior versions, which stems from a vulnerability that allows an attacker to cause a denial of service long Sidekiq pull queue by creating a bot account that follows an...

7.5CVSS7.3AI score0.00918EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2014/04/26 1:0 a.m.37 views

CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

6.4CVSS6AI score0.01218EPSS
Exploits0
Rows per page
Query Builder