13 matches found
RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...
Amazon Linux 2 : golist, --advisory ALAS2-2026-3260 (ALAS-2026-3260)
The version of golist installed on the remote host is prior to 0.10.1-10. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3260 advisory. Arithmetic over induction variables in loops was not correctly checked for underflow or overflow in the Go compiler...
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...
ANT-2026-K8YY7WWS · wolfSSL · improper-cert-validation
improper-cert-validation · high · CVE-2026-5501. Severity: Claude: high · Security research firm: high · Maintainer: -. Discovered by Claude Mythos Preview. Security research firm analysis: Triage and disclosure were performed by Calif. The writeup below is the document the firm sent to the maintainer...
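As an added example (not code from wolfSSL, the advisory, or the research firm's writeup), the following Go program builds a throwaway test PKI and shows what a correct chain verifier does with the two conditions the CVE-2026-5501 entries above describe: a leaf issued by a CA:FALSE certificate that the trusted root legitimately signed, and a leaf whose own signature does not verify. Go's crypto/x509 stands in for correct behaviour here; every name (Test Root, Test Issuing CA, server.example, not-a-ca.example, victim.example) and every helper function is constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTemplate builds a minimal certificate template for the constructed test PKI.
// A non-CA template keeps BasicConstraintsValid so that CA:FALSE is encoded,
// which is the intermediate shape described for CVE-2026-5501.
func newTemplate(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	if isCA {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		t.DNSNames = []string{cn}
	}
	return t
}

// issue generates a fresh P-256 key for tmpl and signs the certificate with
// parentKey. Pass parent == tmpl and parentKey == nil to self-sign a root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifyChain is the check a correct verifier performs: every link's signature
// is verified and every intermediate must be a CA.
func verifyChain(leaf *x509.Certificate, intermediates []*x509.Certificate, root *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	inters := x509.NewCertPool()
	for _, c := range intermediates {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return err
}

// Outcome records what the verifier decided for the three constructed chains.
type Outcome struct {
	ValidChainAccepted        bool // leaf -> CA intermediate -> root
	NonCAIntermediateRejected bool // leaf signed by a CA:FALSE cert that the root issued
	BadLeafSignatureRejected  bool // otherwise valid leaf whose signature was corrupted
}

// RunScenarios builds the constructed PKI and exercises the three chains.
func RunScenarios() (Outcome, error) {
	var out Outcome
	rootTmpl := newTemplate("Test Root", 1, true)
	root, rootKey, err := issue(rootTmpl, rootTmpl, nil)
	if err != nil {
		return out, err
	}
	ca, caKey, err := issue(newTemplate("Test Issuing CA", 2, true), root, rootKey)
	if err != nil {
		return out, err
	}
	leaf, _, err := issue(newTemplate("server.example", 3, false), ca, caKey)
	if err != nil {
		return out, err
	}
	// Any end-entity certificate the root issued: legitimately signed, CA:FALSE.
	endEntity, endEntityKey, err := issue(newTemplate("not-a-ca.example", 4, false), root, rootKey)
	if err != nil {
		return out, err
	}
	// What the holder of that end-entity key can mint for any name.
	forged, _, err := issue(newTemplate("victim.example", 5, false), endEntity, endEntityKey)
	if err != nil {
		return out, err
	}
	out.ValidChainAccepted = verifyChain(leaf, []*x509.Certificate{ca}, root) == nil
	out.NonCAIntermediateRejected = verifyChain(forged, []*x509.Certificate{endEntity}, root) != nil

	// Corrupt the leaf signature only; the TBS part stays intact, so a verifier
	// that skips the leaf signature check would still accept this chain.
	tampered := *leaf
	tampered.Signature = append([]byte(nil), leaf.Signature...)
	tampered.Signature[len(tampered.Signature)-1] ^= 0x01
	out.BadLeafSignatureRejected = verifyChain(&tampered, []*x509.Certificate{ca}, root) != nil
	return out, nil
}

func main() {
	out, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Both rejection paths matter independently: a verifier that enforces CA:TRUE on intermediates but skips the leaf signature, or vice versa, still leaves a hole, so a regression test for a chain validator should cover each chain separately rather than only the happy path.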
MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
UBUNTU-CVE-2023-53159
The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host...
Medium: rust
Issue Overview: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. CVE-2023-53159 Affected Packages: rust Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
Siemens SIMATIC and SCALANCE Products Inadequate Encryption Strength (CVE-2023-0466)
The function X509_VERIFY_PARAM_add0_policy is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, which allows certificates with invalid or incorrect policies to pass the certificate...
RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.7 (RHSA-2023:7622)
The remote Red Hat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7622 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...
UBUNTU-CVE-2021-4044
Internally, libssl in OpenSSL calls X509_verify_cert on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example, out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO...
PT-2021-6876 · OpenSSL · OpenSSL
Name of the Vulnerable Software and Affected Versions: OpenSSL version 3.0.0; OpenSSL versions prior to 3.0.1. Description: The issue is related to the mishandling of internal errors by the X509_verify_cert function in OpenSSL. This function may return a negative value to indicate an internal error...
ALPINE-CVE-2016-7052
crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by triggering a CRL operation...