Lucene search
+L

27 matches found

nessus
nessus
added 2026/06/29 12:0 a.m.10 views

Oracle Linux 9 : gnutls (ELSA-2026-50346)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-50346 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01335EPSS
Exploits3References14
nessus
nessus
added 2026/06/26 12:0 a.m.10 views

Oracle Linux 9 : gnutls (ELSA-2026-20612)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20612 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01335EPSS
Exploits2References14
osv
osv
added 2026/06/05 1:57 p.m.5 views

SUSE-SU-2026:22086-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: Security fixes: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359. Other fixes: - Accept localhost hostnames if static bsc1257366...

3.3CVSS5.2AI score0.00162EPSS
Exploits0References4
nessus
nessus
added 2026/06/03 12:0 a.m.32 views

Oracle Linux 8 : gnutls (ELSA-2026-20611)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20611 advisory. - Fix CVE-2026-33846 DTLS fragment reassembly, High, heap overwrite - Fix CVE-2026-42009 DTLS fragment reassembly, High, undefined behaviour - Fix...

9.8CVSS5.9AI score0.01335EPSS
Exploits1References12
debian
debian
added 2026/05/19 8:43 p.m.108 views

[SECURITY] [DSA 6281-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6281-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2026 https://www.debian.org/security/faq -...

9.8CVSS6AI score0.01335EPSS
Exploits2
nessus
nessus
added 2026/05/14 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-8367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for ...

4.8CVSS5.5AI score0.0011EPSS
Exploits0References3
euvd
euvd
added 2026/05/13 6:30 p.m.7 views

EUVD-2026-30042

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
osv
osv
added 2026/05/13 4:17 p.m.8 views

UBUNTU-CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References4
susecve
susecve
added 2026/05/01 2:12 a.m.11 views

SUSE CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.3AI score0.00155EPSS
Exploits1References3
osv
osv
added 2026/04/29 9:16 p.m.9 views

DEBIAN-CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.3AI score0.00155EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/04/29 12:0 a.m.8 views

PT-2026-36003

Name of the Vulnerable Software and Affected Versions wget2 affected versions not specified Description An issue exists where the software accepts server certificates with incorrect Key Usage KU or Extended Key Usage EKU. This could allow an attacker who has compromised a certificate and its...

4.8CVSS5.2AI score0.00155EPSS
Exploits1References4
debiancve
debiancve
added 2026/01/26 7:58 p.m.9 views

CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added t...

3.3CVSS4.3AI score0.00162EPSS
Exploits0
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-18350

Malware in sbrugna...

3.5CVSS4.8AI score0.00248EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-3811

Malware in sbrugna...

4CVSS6AI score0.01914EPSS
Exploits1References15
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-3504

Malware in sbrugna...

9.3CVSS7.9AI score0.00389EPSS
Exploits0References3
osv
osv
added 2025/05/22 1:36 p.m.16 views

CVE-2025-4575 The x509 application adds trusted use instead of rejected use

Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use. A copy & paste...

6.5CVSS6.9AI score0.00306EPSS
Exploits0References5
nvd
nvd
added 2024/09/05 7:15 p.m.20 views

CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in if keyUsage or extKeyUsage extensions, then the return value of mbedtlssslgetverifyresult would...

9.8CVSS0.00387EPSS
Exploits0References3
redhat
redhat
added 2022/10/24 7:29 a.m.5 views

pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS5.7AI score0.00235EPSS
Exploits0References4
osv
osv
added 2022/07/14 3:15 p.m.7 views

UBUNTU-CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

5.7CVSS5.8AI score0.00235EPSS
Exploits0References3
osv
osv
added 2022/03/23 8:15 p.m.7 views

AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...

7.4CVSS7.1AI score0.02037EPSS
Exploits0References1
Rows per page
Query Builder