399 matches found
CVE-2026-6731 X.509 name constraint bypass via Subject CN treated as a DNS name
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...
CVE-2026-6731
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...
CVE-2026-55960
Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...
AlmaLinux 9 : skopeo (ALSA-2026:28074)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:28074 advisory. crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation CVE-2026-32281 crypto/tls: golang: Go crypto/tls:...
RHEL 9 : buildah (RHSA-2026:29455)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29455 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...
Amazon Linux 2 : golang, --advisory ALAS2-2026-3383 (ALAS-2026-3383)
The version of golang installed on the remote host is prior to 1.25.11-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3383 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN...
GHSA-M557-WRGG-6RP4 phpseclib: X.509 certificate validation sends attacker-controlled outbound requests (server-side request forgery) via Authority Information Access
Summary When an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it. Attacker who supplies certificate fully controls host, port, and path of that connectio...
Netty: Wrapping plain trust manager silently disables hostname verification
SimpleTrustManagerFactory.engineGetTrustManagers and related paths wrap any user-supplied plain X509TrustManager in X509TrustManagerWrapper, which extends X509ExtendedTrustManager but implements the 3-arg checkServerTrustedchain, authType, SSLEngine by discarding the SSLEngine and calling the 2-a...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...
kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...
Spring Security 授权问题漏洞
Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities related to authorization exist in versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10 of Spring Security...
CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....
CVE-2026-47838
Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...
PT-2026-48333
Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.24 Spring Security versions 5.8.0 through 5.8.26 Spring Security versions 6.3.0 through 6.3.17 Spring Security versions 6.4.0 through 6.4.17 Spring Security versions 6.5.0 through 6.5.10 Description T...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...
RLSA-2026:3840 Important: image-builder security update
A local binary for building customized OS artifacts such as VM images and OSTree commits. Uses osbuild under the hood. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustion in query...
kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...
RHCOS 4 : OpenShift Container Platform 4.17.54 (RHSA-2026:17595)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:17595 advisory. - golang: archive/tar: Unbounded allocation when parsing GNU sparse map CVE-2025-58183 - golang: net/url: Memory exhaustion in quer...
SUSE-SU-2026:21824-1 Security update for leancrypto
This update for leancrypto fixes the following issues Security issue: - CVE-2026-34610: The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when stori...