Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : compat-golang-github-cpuguy83-md2man-2-devel, golang-github-cpuguy83-md2man, golang-github-cpuguy83-md2man-devel (ALAS2023-2026-1875)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1875 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...

7.5CVSS6.2AI score0.00904EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/03 12:30 a.m.14 views

EUVD-2026-34038

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

5.9AI score0.00904EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-27145

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . t...

7.5CVSS6.1AI score0.00904EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-5676

Malware in sbrugna...

5.8CVSS6.4AI score0.0057EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2020/03/27 12:41 p.m.26 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Rational Directory Server (Tivoli) & Rational Directory Administrator

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 and Version 8 used by Rational Directory Server Tivoli and Rational Directory Administrator. These issues were disclosed as part of the IBM Java SDK updates in March 2020. Upgrade the JRE in order to resolve...

4.3CVSS0.6AI score0.03823EPSS
Exploits0Affected Software2
OSV
OSV
added 2018/10/16 8:50 p.m.3 views

GHSA-R53V-VM87-F72C Improper Validation of Certificates in apache axis

The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subjec...

5.8CVSS6.9AI score0.05806EPSS
Exploits0References25
PyPA
PyPA
added 2015/08/12 2:59 p.m.5 views

PYSEC-2015-1

Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

4.3CVSS6.9AI score0.00933EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2014/05/05 5:6 p.m.10 views

AZL-44784 CVE-2013-6444 affecting package pywbem 0.17.6-12

PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS5.9AI score0.00907EPSS
Exploits0References1
Prion
Prion
added 2012/11/04 10:55 p.m.15 views

Code injection

The LinkPoint module in Zen Cart does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS7AI score0.00566EPSS
Exploits1References1
PyPA
PyPA
added 2012/11/04 10:55 p.m.7 views

PYSEC-2012-12

Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted...

5.9CVSS6.8AI score0.01208EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder