13 matches found
CVE-2026-8932
CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...
CVE-2026-34580
Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...
CVE-2025-66220
A flaw was found in Envoy. This vulnerability allows mTLS mutual Transport Layer Security certificate validation bypass via a certificate containing an embedded null byte \0 inside an OTHERNAME SAN Subject Alternative Name value. Mitigation Mitigation for this issue is either not available or the...
CVE-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte
Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches...
SUSE CVE-2024-47619
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...
CVE-2024-47619 tranport: TLS host name wildcard matching too lax
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...
OESA-2023-1346 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback...
Spotting brand impersonation with Swin transformers and Siamese neural networks
Every day, Microsoft Defender for Office 365 encounters millions of brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In thi...
Botan Design Vulnerability (CNVD-2018-08488)
Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan versions 2.2.0 through 2.4.0, which stems from the program failing to properly match wildcard certificates. An attack...
python: wildcard matching rules do not follow RFC 6125
Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC...
AdNovum nevisAuth SAML Certificate Matching Vulnerability
AdNovum nevisAuth is a user system authentication and access management solution. AdNovum nevisAuth fails to correctly match X.509 certificates and IdP certificates, allowing remote attackers to submit specially crafted certificates to inject arbitrary SAML assertions...
Safari < 6.2.5 / 7.1.5 / 8.0.5 Multiple Vulnerabilities
Binary data 8696.prm...
subversion -- several vulnerabilities
Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the aprfnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, aprfnmatch is not designed for this purpose. Instead it is designed to behave like common shell...