18 matches found
CLSA-2026-1770112258 golang: Fix of CVE-2025-61729
CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs...
CLEANSTART-2026-IY17697 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate
Multiple security vulnerabilities affect the elastic-beats-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...
MiracleLinux 8 : nodejs:16 (AXSA:2022-4547:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4547:01 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-4453...
BIT-ENVOY-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches...
GHSA-RWJG-C3H2-F57P Envoy's TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Summary: Envoy’s mTLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches. Details: This occurs when the SAN is encoded as a BMPSTRING or UNIVERSALSTRING, and its UTF-8 conversion...
CVE-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte (\0) inside an OTHERNAME SAN value as valid matches...
SUSE CVE-2021-44532
Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used withi...
Envoy Trust Management Issue Vulnerability
Envoy is an open source distributed proxy server. Envoy has a trust management issue vulnerability that stems from a type confusion error in the default_validator.cc implementation used to implement the default certificate validation routines when handling subjectAltNames. no details of the...
SSL/TLS: Collect and Report Certificate Details
This script collects and reports the details of all SSL/TLS certificates. This data will be used by other tests to verify server certificates. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : puppet vulnerability (USN-1238-1)
It was discovered that Puppet incorrectly handled the non-default 'certdnsnames' option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master'...
DEBIAN-CVE-2010-2547
Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG 2.x through 2.0.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a certificate with a large number of Subject Alternate Names, which is not properly handled in a realloc...
Mozilla Firefox Multiple Vulnerability July-08 (Linux)
The host is installed with the Mozilla Firefox browser, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08lin.nasl 6539 2017-07-05 12:02:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Linux Authors: Chandan S Copyright: Copyright (c) 2008...
Mozilla Thunderbird Multiple Vulnerabilities (Jul 2008) - Linux
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla Firefox Multiple Vulnerabilities (Jul 2008) - Linux
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
Mozilla Seamonkey Multiple Vulnerability July-08 (Windows)
The host is installed with Mozilla Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Seamonkey Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright (c) 2008...
Mozilla Firefox Multiple Vulnerability July-08 (Windows)
The host is installed with the Mozilla Firefox browser, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbfirefoxmultvulnjuly08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Mozilla Firefox Multiple Vulnerability July-08 Windows Authors: Chandan S Copyright: Copyright (c) 2008...
Mozilla Firefox Multiple Vulnerabilities (Jul 2008) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
SeaMonkey < 1.1.10 Multiple Vulnerabilities
The installed version of SeaMonkey is affected by various security issues: - A stability problem that could result in a crash during JavaScript garbage collection (MFSA 2008-20). - Several stability bugs leading to crashes which, in some cases, show traces of memory corruption (MFSA 2008-21). - A...