Lucene search
K

13 matches found

CVE
CVE
added 4 days ago15 views

CVE-2026-8932

CVE-2026-8932 : The vulnerability describes incomplete mTLS config matching in libcurl’s connection reuse logic. A previously used TLS client-certificate-related setting (notably the private key) was omitted from the configuration match checks, causing connections in the pool to be reused even wh...

7.5CVSS6.2AI score0.00129EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 9:12 p.m.2 views

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/13 6:54 p.m.8 views

CVE-2025-66220

A flaw was found in Envoy. This vulnerability allows mTLS mutual Transport Layer Security certificate validation bypass via a certificate containing an embedded null byte \0 inside an OTHERNAME SAN Subject Alternative Name value. Mitigation Mitigation for this issue is either not available or the...

7.1CVSS5.8AI score0.00164EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/03 6:31 p.m.20 views

CVE-2025-66220 Envoy’s TLS certificate matcher for `match_typed_subject_alt_names` may incorrectly treat certificates containing an embedded null byte

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for matchtypedsubjectaltnames may incorrectly treat certificates containing an embedded null byte \0 inside an OTHERNAME SAN value as valid matches...

5CVSS0.00164EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/05/09 3:46 a.m.3 views

SUSE CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS6.7AI score0.00301EPSS
Exploits1References3
OSV
OSV
added 2025/05/07 3:12 p.m.10 views

CVE-2024-47619 tranport: TLS host name wildcard matching too lax

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS7.2AI score0.00301EPSS
Exploits1References7
OSV
OSV
added 2023/06/10 11:5 a.m.4 views

OESA-2023-1346 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback...

5.9CVSS6.5AI score0.02211EPSS
Exploits2References3
Microsoft Secure
Microsoft Secure
added 2021/08/04 10:0 p.m.223 views

Spotting brand impersonation with Swin transformers and Siamese neural networks

Every day, Microsoft Defender for Office 365 encounters millions of brand impersonation emails. Our security solutions use multiple detection and prevention techniques to help users avoid divulging sensitive information to phishers as attackers continue refining their impersonation tricks. In thi...

Exploits0
CNVD
CNVD
added 2018/04/04 12:0 a.m.6 views

Botan Design Vulnerability (CNVD-2018-08488)

Botan is a library of cryptographic algorithms in the C++ programming language that supports AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan versions 2.2.0 through 2.4.0, which stems from the program failing to properly match wildcard certificates. An attack...

9.8CVSS6.8AI score0.00963EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/05/31 10:4 a.m.7 views

python: wildcard matching rules do not follow RFC 6125

Multiple flaws were found in the way Python's SSL module performed matching of certificate names containing wildcards. A remote attacker able to obtain a valid certificate that contained certain names with wildcards could have them incorrectly accepted by Python SSL clients, not following the RFC...

5.9CVSS7.4AI score0.01944EPSS
Exploits0References4
CNVD
CNVD
added 2015/10/03 12:0 a.m.1 views

AdNovum nevisAuth SAML Certificate Matching Vulnerability

AdNovum nevisAuth is a user system authentication and access management solution. AdNovum nevisAuth fails to correctly match X.509 certificates and IdP certificates, allowing remote attackers to submit specially crafted certificates to inject arbitrary SAML assertions...

5CVSS7.2AI score0.00871EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2015/04/17 12:0 a.m.32 views

Safari < 6.2.5 / 7.1.5 / 8.0.5 Multiple Vulnerabilities

Binary data 8696.prm...

6.8CVSS8.4AI score0.09964EPSS
Exploits2References11
FreeBSD
FreeBSD
added 2014/08/06 12:0 a.m.39 views

subversion -- several vulnerabilities

Subversion Project reports: Using the Serf RA layer of Subversion for HTTPS uses the aprfnmatch API to handle matching wildcards in certificate Common Names and Subject Alternate Names. However, aprfnmatch is not designed for this purpose. Instead it is designed to behave like common shell...

4CVSS8.3AI score0.07495EPSS
Exploits0References2
Rows per page
Query Builder