
15 matches found

OSV
added 2026/03/19 12:0 p.m., 3 views

RUSTSEC-2026-0042 CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point (IDP) extensions. Customers of AWS services do not...

7.4 CVSS | 5.9 AI score | 0.00026 EPSS
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/22 3:7 p.m., 4 views

CVE-2020-16228

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate...

6.4 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 1
OSV
added 2025/01/14 3:57 p.m., 10 views

GO-2025-3381 notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go

notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go...

4 CVSS | 4.3 AI score | 0.00008 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/01/13 9:37 p.m., 26 views

CVE-2024-56138 Timestamp signature generation lacks certificate revocation check in notion-go

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...

4 CVSS | 0.00008 EPSS
Exploits: 0 | References: 2
CVE
added 2025/01/13 9:37 p.m., 264 views

CVE-2024-56138

CVE-2024-56138 affects notion-go, a library for signing/verifying OCI artifacts. The timestamp signature generation path did not verify the revocation status of certificates in the TSA chain, enabling a potential MITM-era countersignature that could be stored by notation and cause CI/CD signature...

4 CVSS | 4.2 AI score | 0.00008 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/01/13 9:37 p.m., 17 views

CVE-2024-56138 Timestamp signature generation lacks certificate revocation check in notion-go

notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificates used to...

4 CVSS | 6.6 AI score | 0.00008 EPSS
Exploits: 0 | References: 2
OSV
added 2025/01/13 4:14 p.m., 8 views

GHSA-45V3-38PC-874V notation-go's timestamp signature generation lacks certificate revocation check

This issue was identified during Quarkslab's audit of the timestamp feature. Summary During the timestamp signature generation, the revocation status of the certificates used to generate the timestamp signature was not verified. Details During timestamp signature generation, notation-go did not...

4 CVSS | 4.1 AI score | 0.00008 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/01/13 12:0 a.m., 3 views

notion-go security vulnerability

notion-go is a collection of libraries that support signing and verifying OCI artifacts for notaryproject individual developers. A security vulnerability exists in notion-go versions 1.2.0-beta.1 through 1.3.0-rc.1, which stems from a failure to validate the revocation status of a certificate whe...

4 CVSS | 6.6 AI score | 0.00008 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2023/04/17 3:5 p.m., 3 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5 CVSS | 7.3 AI score | 0.00163 EPSS
Exploits: 0 | References: 5
SUSE CVE
added 2023/02/15 5:29 a.m., 2 views

SUSE CVE-2014-3250

The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4...

6.5 CVSS | 6.7 AI score | 0.00259 EPSS
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 4:6 a.m., 2 views

SUSE CVE-2019-19271

An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries installed by a system administrator, can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to...

7.5 CVSS | 6.3 AI score | 0.0066 EPSS
Exploits: 0 | References: 3
CNNVD
added 2023/01/19 12:0 a.m., 1 views

Dell EMC Storage trust management vulnerability

A security vulnerability exists in Dell EMC Storage, a data storage solution from Dell, U.S.A. The vulnerability stems from incorrect certificate revocation checks. An attacker could use the vulnerability to perform a man-in-the-middle attack and eavesdrop on encrypted communications from a cloud...

7 CVSS | 6.7 AI score | 0.00203 EPSS
Exploits: 0 | References: 2
OSV
added 2019/11/26 4:15 a.m., 2 views

DEBIAN-CVE-2019-19270

An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificate...

7.5 CVSS | 6 AI score | 0.00198 EPSS
Exploits: 0 | References: 1
OSV
added 2018/07/31 1:29 p.m., 2 views

DEBIAN-CVE-2018-8019

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

7.4 CVSS | 7.3 AI score | 0.00851 EPSS
Exploits: 0 | References: 1
ATTACKERKB
added 2012/08/26 3:17 a.m., 1 views

CVE-2011-5121

The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors...

10 CVSS | 5.5 AI score | 0.00178 EPSS
Exploits: 0 | References: 2