Lucene search
K

41 matches found

EUVD
EUVD
added 2026/06/09 6:30 p.m.14 views

EUVD-2026-35482

Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...

7.5CVSS5.6AI score0.00419EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.7 views

CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol CMP message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority RA level to t...

5.7AI score0.00262EPSS
Exploits0References5
OSV
OSV
added 2026/04/15 12:44 a.m.16 views

CLEANSTART-2026-QO20135 When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint

Multiple security vulnerabilities affect the minio-operator-fips package. When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. See references for individual...

9.8CVSS7.2AI score0.01945EPSS
Exploits2References30
OSV
OSV
added 2026/04/09 10:16 p.m.2 views

DEBIAN-CVE-2026-5263

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

6.5CVSS5.3AI score0.00165EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/09 10:8 p.m.8 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of URI name constraints during certificate chain verification in the ConfirmNameConstraints process. An attacker can bypass intended certificate restrictions by presenting a...

7CVSS5.8AI score0.00165EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:15 p.m.3 views

CVE-2026-5263

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

7CVSS5.9AI score0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 9:15 p.m.9 views

CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

7CVSS5.8AI score0.00165EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/09 9:15 p.m.4 views

CVE-2026-5263

URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...

7CVSS5.3AI score0.00165EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from inefficient verification of the certificate chain used for validation strategies,...

7.5CVSS7.3AI score0.00349EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/27 8:50 p.m.32 views

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

7.4CVSS0.00348EPSS
Exploits1References2
OSV
OSV
added 2026/03/27 8:50 p.m.4 views

CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions...

7.4CVSS6.6AI score0.00348EPSS
Exploits1References11
OSV
OSV
added 2026/03/26 10:5 p.m.4 views

GHSA-2328-F5F3-GJ25 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

7.4CVSS6.9AI score0.00348EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/26 10:5 p.m.21 views

Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)

Summary pki.verifyCertificateChain does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the basicConstraints and keyUsage extensions. This allows any leaf certificate without these extensions to act as a CA and sign other certificates, which node-for...

9.1CVSS6.9AI score0.00348EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.12 views

MiracleLinux 9 : golang-1.19.13-1.el9, go-toolset-1.19.13-1.el9 (AXSA:2023-6512:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6512:05 advisory. golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 HTTP/2: Multiple HTTP/2 enabled web server...

7.5CVSS7.4AI score0.99999EPSS
Exploits19References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-22161

Malicious code in bioql PyPI...

5.9CVSS7AI score0.00667EPSS
Exploits0References6
Citrix
Citrix
added 2024/09/13 12:0 a.m.8 views

Connector new installs fail due to installer is unable to verify the certificate chain

The new installation of Citrix Cloud Connector will result in the following error: "Unable to validate certificate chain while installing connector"...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2024/06/04 12:0 a.m.26 views

SUSE: Security Advisory (SUSE-SU-2024:1271-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS6.6AI score0.00718EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/06/04 12:0 a.m.19 views

SUSE SLES15: gnutls / libgnutls-devel / libgnutls30 / libgnutls30-32bit / etc (SUSE-SU-2024:1271-2)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1271-2 advisory. - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA bsc1221746 - CVE-2024-28835: Fixed denial of service during...

5.3CVSS6.4AI score0.00718EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2024/06/03 12:0 a.m.20 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2024-1793)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.8AI score0.03658EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/28 12:0 a.m.39 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-629 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing...

7.5CVSS7.4AI score0.91969EPSS
Exploits1References14
Rows per page
Query Builder