CLEANSTART-2026-FP29743 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the elastic-beats-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-RG55910 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the mongodb package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-BL06950 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CLEANSTART-2026-XO66167 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-operator-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

Amazon Linux 2 : docker, --advisory ALAS2ECS-2026-094 (ALASECS-2026-094)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2026-094 advisory. SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the progr...

Medium: docker

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Amazon Linux 2 : nerdctl, --advisory ALAS2-2025-3100 (ALAS-2025-3100)

The version of nerdctl installed on the remote host is prior to 2.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3100 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certifica...

Medium: runc

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Amazon Linux 2 : cni-plugins, --advisory ALAS2-2025-3098 (ALAS-2025-3098)

The version of cni-plugins installed on the remote host is prior to 1.7.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3098 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...

Medium: docker

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

Amazon Linux 2 : oci-add-hooks, --advisory ALAS2ECS-2025-086 (ALASECS-2025-086)

The version of oci-add-hooks installed on the remote host is prior to 0-0.6.20200504git325a340. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-086 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain...

Medium: containerd

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

AZL-71447 CVE-2025-61727 affecting package golang 1.26.0-1

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.com...

AZL-78927 CVE-2025-61727 affecting package golang 1.25.7-1

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN .example.com...

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2025-1687)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Important: java-1.6.0-openjdk

Issue Overview: Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883,...

Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20151118)

Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2015-4835, CVE-2015-4881, CVE-2015-4843, CVE-2015-4883, CVE-2015-4860,...