Astra Linux - уязвимость в openssl

Applications that use non-default options when verifying certificates may be vulnerable to attacks from a malicious Certificate Authority CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL, and other certificate policy checks for tha...

OESA-2026-2333 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface API to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

CLSA-2026-1778832314 Fix CVE(s): CVE-2026-3833

SECURITY UPDATE: Certificate policy bypass via case-sensitive nameConstraints - debian/patches/CVE-2026-3833.patch: replace memcmp with cstrncasecmp in endswith, emailendswith, dnsnamematches and emailmatches in lib/x509/nameconstraints.c so DNS labels and email domains are compared...

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2026-116 (ALASDOCKER-2026-116)

The version of runc installed on the remote host is prior to 1.3.4-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-116 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Medium: runfinch-finch

Issue Overview: SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a...

Amazon Linux 2 : docker, --advisory ALAS2DOCKER-2026-111 (ALASDOCKER-2026-111)

The version of docker installed on the remote host is prior to 25.0.14-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-111 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler...

Important: containerd

Issue Overview: Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption in programs compiled with...

JLSEC-2026-237 The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate...

The function X509VERIFYPARAMadd0policy is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate...

MiracleLinux 7 : openssl-1.0.2k-26.0.1.el7.AXS7 (AXSA:2024-8619:05)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8619:05 advisory. CVE-2023-0215: biondef: fix a UAF resulting from a bug in BIOnewNDEF CVE-2023-0464: x509v3: Limit X.509 certificate tree size to avoid exponential u...

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2024-23337 DESCRIPTION: jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, t...

ROS-20251016-04

Vulnerability of X509VERIFYPARAMadd0policy function of OpenSSL library is related to errors in the procedure of of certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "man-in-the-middle" type of attack. remotely to perform a...

EUVD-2018-17316

Malware in sbrugna...

EUVD-2023-12520

Malicious code in bioql PyPI...

EUVD-2023-25634

Malicious code in bioql PyPI...

CVE-2023-21466

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission...

CVE-2023-21466

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission...

CVE-2023-21466

CVE-2023-21466 is a PendingIntent hijacking vulnerability in the CertificatePolicy component of the Android framework on Samsung devices, prior to SMR Apr-2023 Release 1. It allows local attackers to access a contentProvider without proper permission. Affected: CertificatePolicy in framework; imp...

CVE-2023-21466

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission...

CVE-2023-21466

PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission...