Lucene search
K

11 matches found

SUSE CVE
SUSE CVE
added 2026/04/10 11:25 p.m.6 views

SUSE CVE-2026-34582

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

9.1CVSS5.8AI score0.00233EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 9:13 p.m.22 views

CVE-2026-34582 Botan has a TLS 1.3 certificate authentication bypass

Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which...

8.7CVSS0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 9:13 p.m.36 views

CVE-2026-34582

Botan TLS 1.3 vulnerability (CVE-2026-34582) affects Botan prior to 3.11.1, where ApplicationData records could be processed before the TLS Finished message, allowing bypass of client authentication via certificates. Affected: Botan before 3.11.1. Mitigation: upgrade to Botan 3.11.1 or later (sec...

9.1CVSS5.9AI score0.00233EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/09/17 10:24 a.m.2 views

SUSE-SU-2025:03243-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 bsc1236851...

6.3CVSS7.3AI score0.02646EPSS
Exploits0References5
OSV
OSV
added 2025/09/05 10:38 a.m.3 views

SUSE-SU-2025:03089-1 Security update for nginx

This update for nginx fixes the following issues: - CVE-2025-53859: the server side may leak arbitrary bytes during the NGINX SMTP authentication process bsc1248070. - CVE-2025-23419: session resumption can bypass client certificate authentication requirements using TLSv1.3 bsc1236851...

6.3CVSS6.7AI score0.02646EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 2:27 a.m.5 views

CVE-2012-0717

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors...

2.6CVSS7AI score0.01109EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/23 12:0 a.m.13 views

Amazon AWS IoT Device SDK 信任管理问题漏洞

The Amazon AWS IoT Device SDK is a collection of C source files under the MIT Open Source License from Amazon.com, Inc. that can be used in embedded applications to securely connect IoT devices to the AWS IoT Core.It includes an MQTT, JSON parser, and the AWS IoT Device Shadow library. It is...

8.8CVSS8AI score0.00375EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/07/12 10:35 a.m.9 views

CVE-2021-3547

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration...

7.4CVSS7.5AI score0.00972EPSS
Exploits0
NCSC
NCSC
added 2021/07/12 12:0 a.m.4 views

Vulnerability fixed in OpenVPN

A vulnerability has been fixed in OpenVPN. The vulnerability allows a malicious party in a Man-in-the-Middle position to be able to bypass certificate-based authentication. To do so the malicious party must generate its own server certificate containing containing the hostname as it appears in th...

7.4CVSS6.9AI score0.00972EPSS
Exploits0
CNNVD
CNNVD
added 2021/07/12 12:0 a.m.4 views

OpenVPN 信任管理问题漏洞

OpenVPN is a software package for creating virtual private network VPN encrypted tunnels from US-based OpenVPN, which uses the OpenSSL library to encrypt data and control information and allows the created VPN to be authenticated using a public key, an electronic certificate, or a...

7.4CVSS7.2AI score0.00972EPSS
Exploits0References3
OSV
OSV
added 2019/10/08 6:15 p.m.4 views

DEBIAN-CVE-2019-17134

Amphora Images in OpenStack Octavia =0.10.0 =3.0.0 =4.0.0 4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the...

9.1CVSS6.9AI score0.02296EPSS
Exploits0References1
Rows per page
Query Builder