1173 matches found
CVE-2026-9697
undici’s ProxyAgent drops the requestTls option when used with a SOCKS5 proxy (socks5:// or socks://), causing the HTTPS connection to rely on Node’s default trust store and ignore user-provided ca, cert, key, rejectUnauthorized, and servername. This allows any cert signed by a publicly trusted C...
SUSE CVE-2026-48860
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...
CVE-2026-9648 CVE-2026-9648
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...
CVE-2026-9648
The CVE-2026-9648 affects the crypton-x509-validation (and related crypton-x509) libraries used in Haskell TLS stacks. The root cause is the failure to enforce X.509 NameConstraints, allowing a TLS client to accept SANs outside the issuing sub-CA’s permitted subtrees. This enables an attacker who...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...
openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
certificate handling for haskell 安全漏洞
Certificate Handling for Haskell is a X509 certificate processing and verification tool developed by Kazu Yamamoto. There are security vulnerabilities in Certificate Handling for Haskell. These vulnerabilities stem from the lack of enforcement of X.509 name constraints. This may allow TLS clients...
GHSA-8H84-FHQQ-Q58V nebula-mesh: Decrypted CA private key persists in heap after signing
internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...
nebula-mesh: Decrypted CA private key persists in heap after signing
internal/pki/resolver.go:36-64 constructs a CAManager with the plaintext ed25519.PrivateKey after unwrapping via the master key; internal/pki/ca.go:13-16 stores it. Callers at internal/api/enroll.go:116, internal/api/updates.go:297, and internal/api/mobilebundle.go:40 use the manager for one Sign...
CVE-2026-48860 Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist
Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl inettlsdist module allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inettlsdist:checkip/1 function, which enforces a LAN allowlist for Erlang distribution over TLS, calls inet:sockname/1 instead...
CVE-2026-52754
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...
CVE-2026-52754 Ghidra < 12.1 - Authentication Bypass via Null Signature in PKIAuthenticationModule
Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate that allows any user with a valid CA-signed certificate to impersonate other users by presenting their public certificate with a null signature. Attackers can escalate privileges, modify...
samba: group policy certificate enrollment uses http:// without validation
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
CVE-2026-29114
The CVE-2026-29114 entry describes a vulnerability in some Dahua products where an attacker may obtain the device’s CA root certificate. If that CA is trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain. Th...
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...