399 matches found

Cvelist
added 2026/06/25 8:08 p.m., 19 views

CVE-2026-6731 X.509 name constraint bypass via Subject CN treated as a DNS name

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

CVSS 6, EPSS 0.00124
Exploits 0, References 2

AlpineLinux
added 2026/06/25 8:08 p.m., 4 views

CVE-2026-6731

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

CVSS 7.5, AI score 5.8, EPSS 0.00124
Exploits 0, References 2

Debian CVE
added 2026/06/25 7:31 p.m., 5 views

CVE-2026-55960

Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

CVSS 8.2, AI score 5.8, EPSS 0.00145
Exploits 0

Tenable Nessus
added 2026/06/24 12:00 a.m., 9 views

AlmaLinux 9 : skopeo (ALSA-2026:28074)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28074 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...

CVSS 7.5, AI score 5.9, EPSS 0.00621
Exploits 0, References 5

Tenable Nessus
added 2026/06/24 12:00 a.m., 9 views

RHEL 9 : buildah (RHSA-2026:29455)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29455 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

CVSS 9.1, AI score 7.3, EPSS 0.00728
Exploits 0, References 14

Tenable Nessus
added 2026/06/22 12:00 a.m., 5 views

Amazon Linux 2 : golang, --advisory ALAS2-2026-3383 (ALAS-2026-3383)

The version of golang installed on the remote host is prior to 1.25.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3383 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN)...

CVSS 7.5, AI score 6.1, EPSS 0.00904
Exploits 0, References 8

OSV
added 2026/06/16 3:03 p.m., 9 views

GHSA-M557-WRGG-6RP4 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access

Summary: When an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access (AIA) extension and connects to it. An attacker who supplies the certificate fully controls the host, port, and path of that connectio...

CVSS 5.8, AI score 5.7
Exploits 0, References 2

Github Security Blog
added 2026/06/15 8:45 p.m., 10 views

Netty: Wrapping plain trust manager silently disables hostname verification

SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrusted(chain, authType, SSLEngine) by discarding the SSLEngine and calling the 2-a...

CVSS 7.5, AI score 5.2, EPSS 0.00269
Exploits 0, References 5, Affected Software 1

RedHat Linux
added 2026/06/11 1:58 p.m., 18 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS 7.5, AI score 7.3, EPSS 0.00459
Exploits 2, References 8

RedHat Linux
added 2026/06/11 1:57 p.m., 8 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

CVSS 7.5, AI score 7.2, EPSS 0.00459
Exploits 2, References 8

RedHat Linux
added 2026/06/11 11:46 a.m., 6 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure, and return...

AI score 5.6, EPSS 0.00154
Exploits 0, References 5

CNNVD
added 2026/06/10 12:00 a.m., 15 views

Spring Security authorization issue vulnerability

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Authorization-related vulnerabilities exist in Spring Security versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10...

CVSS 8.1, AI score 5.4, EPSS 0.00116
Exploits 0, References 2

Vulnrichment
added 2026/06/09 11:50 p.m., 8 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

CVSS 6.8, AI score 5.4, EPSS 0.00116
Exploits 0, References 1

CVE
added 2026/06/09 11:50 p.m., 88 views

CVE-2026-47838

Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...

CVSS 8.1, AI score 5.5, EPSS 0.00116
Exploits 0, References 1, Affected Software 1

Positive Technologies
added 2026/06/09 12:00 a.m., 20 views

PT-2026-48333

Name of the Vulnerable Software and Affected Versions: Spring Security versions 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10. Description: T...

CVSS 8.1, AI score 5.8, EPSS 0.00116
Exploits 0, References 7

Rockylinux
added 2026/05/28 3:43 p.m., 18 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Collector with the supported components for a Rocky Enterpris...

CVSS 9.1, AI score 6.8, EPSS 0.01557
Exploits 1

OSV
added 2026/05/21 4:30 p.m., 15 views

RLSA-2026:3840 Important: image-builder security update

A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729); golang: net/url: Memory exhaustion in query...

CVSS 7.5, AI score 7, EPSS 0.01945
Exploits 3, References 4

RedHat Linux
added 2026/05/20 1:03 p.m., 16 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure, and return...

AI score 6.1, EPSS 0.00154
Exploits 0, References 5

Tenable Nessus
added 2026/05/20 12:00 a.m., 21 views

RHCOS 4 : OpenShift Container Platform 4.17.54 (RHSA-2026:17595)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17595 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) - golang: net/url: Memory exhaustion in quer...

CVSS 10, AI score 7.3, EPSS 0.01945
Exploits 4, References 14

OSV
added 2026/05/19 5:23 p.m., 9 views

SUSE-SU-2026:21824-1 Security update for leancrypto

This update for leancrypto fixes the following issues. Security issue: - CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lc_x509_extract_name_segment casts size_t vlen to uint8_t when stori...

CVSS 5.9, AI score 5.9, EPSS 0.00162
Exploits 0, References 6