Lucene search
K

154 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6091

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An...

6.5CVSS6AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 8:17 p.m.9 views

CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 8:17 p.m.7 views

UBUNTU-CVE-2026-55964

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS5.8AI score0.00118EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 7:30 p.m.36 views

CVE-2026-55964 Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA (temporary CA exemption)

Chain intermediate CA:TRUE without keyCertSign accepted as a signing CA. Intermediate CA certificates are required to have the keyCertSign key usage when a Key Usage extension is present, but chain-supplied temporary CAs WOLFSSLTEMPCA added while building a certificate path were previously exempt...

6.3CVSS0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 7:30 p.m.18 views

CVE-2026-55964

CVE-2026-55964 describes a change in certificate path validation affecting OpenSSL-compatibility path building (X509_verify_cert / X509_STORE). Previously, chain-supplied temporary CAs (WOLFSSL_TEMP_CA) could be accepted as signing CAs even if the intermediate CA had CA:TRUE but lacked keyCertSig...

6.3CVSS5.9AI score0.00118EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/25 4:46 p.m.8 views

EUVD-2026-39486

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6CVSS5.9AI score0.00121EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:46 p.m.6 views

CVE-2026-6091

Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL...

6CVSS5.9AI score0.00121EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52573

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description An issue exists where chain intermediate certificates asserting CA:TRUE but lacking the keyCertSign key usage were accepted as signing CAs. This occurs because chain-supplied temporary CAs...

6.3CVSS5.8AI score0.00118EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.10 views

CVE-2026-42790

A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.21 views

RockyLinux 9 : opentelemetry-collector (RLSA-2026:19353)

The remote RockyLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2026:19353 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go:...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References17
SUSE Linux
SUSE Linux
added 2026/04/20 10:8 a.m.6 views

Security update for opensc

This update for opensc fixes the following issues: CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds heap...

3.9CVSS6.1AI score0.00282EPSS
Exploits2References16
EUVD
EUVD
added 2026/04/08 12:4 a.m.7 views

EUVD-2026-19736

pyload-ng: Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng...

6.8CVSS5.9AI score0.00142EPSS
Exploits1References2
NVD
NVD
added 2026/03/30 9:17 p.m.5 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS0.00158EPSS
Exploits0References1
OSV
OSV
added 2026/03/30 9:17 p.m.3 views

UBUNTU-CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/30 8:36 p.m.5 views

EUVD-2026-17211

Botan is a C++ cryptography library. From version 3.0.0 to before version 3.11.0, during X509 path validation, OCSP responses were checked for an appropriate status code, but critically omitted verifying the signature of the OCSP response itself. This issue has been patched in version 3.11.0...

5.9CVSS5.8AI score0.00154EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/30 8:36 p.m.4 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.3AI score0.00158EPSS
Exploits0
EUVD
EUVD
added 2026/03/30 8:36 p.m.5 views

EUVD-2026-17212

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:36 p.m.2 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/30 8:36 p.m.13 views

CVE-2026-32884

CVE-2026-32884 — Botan (C++ crypto library) : Prior to version 3.11.0, during X.509 name constraints processing, Botan could mis-handle a mixed-case common name (CN) when no subject alternative name (SAN) is present. The CN check against DNS name constraints was effectively case-sensitive, allowi...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/30 8:36 p.m.3 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.7AI score0.00158EPSS
Exploits0References1
Rows per page
Query Builder