Lucene search
K

54 matches found

Snyk
Snyk
added 2026/05/20 3:35 p.m.11 views

User Impersonation

Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to User...

8.5CVSS5.9AI score0.00069EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.7 views

PT-2026-29126

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.11.0 Description Botan is a C++ cryptography library. When processing X.509 certificate paths with DNS name constraints, a case-sensitive comparison of the Common Name CN allowed a certificate to bypass restrictions...

5.9CVSS5.9AI score0.00158EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/25 8:18 p.m.6 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0
OSV
OSV
added 2025/12/18 8:49 a.m.4 views

SUSE-SU-2025:4444-1 Security update 5.1.1.1 for Multi-Linux Manager Client Tools

This update fixes the following issues: grafana was updated from version 11.5.7 to 11.5.10: - Security issues fixed: CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version 11.5.10...

8.8CVSS7.3AI score0.00502EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-31364

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.09358EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-44533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects...

5.3CVSS6.6AI score0.09358EPSS
Exploits1References2
OSV
OSV
added 2024/12/16 2:3 p.m.13 views

BIT-NODE-MIN-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.3CVSS6.5AI score0.09358EPSS
Exploits1References7
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.4 views

Bouncy Castle 信任管理问题漏洞

Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages. A security vulnerability exists in Bouncy Castle For Java versions prior to 1.74, which stems from an LDAP injection vulnerability due to a failure to...

5.3CVSS6.7AI score0.00772EPSS
Exploits0References16
OSV
OSV
added 2023/07/01 11:5 a.m.3 views

OESA-2023-1391 bouncycastle security update

A Java implementation of cryptographic algorithms. Security Fixes: A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to...

5.3CVSS6.3AI score0.00772EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.7 views

SUSE CVE-2004-0488

Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...

7.5CVSS8.4AI score0.37681EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.5 views

SUSE CVE-2006-7246

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used...

6.8CVSS7.1AI score0.00884EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1429

Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766...

5.8CVSS8.9AI score0.01475EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:23 a.m.5 views

SUSE CVE-2015-0210

wpasupplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack...

5.9CVSS6.9AI score0.00903EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.10 views

SUSE CVE-2021-44533

Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...

5.9CVSS7AI score0.09358EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.34 views

Oracle Linux 8 : nodejs:14 (ELSA-2022-7830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7830 advisory. - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 - Rebase to...

8.8CVSS7.5AI score0.21514EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2022/11/08 11:39 a.m.4 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
Rockylinux
Rockylinux
added 2022/11/08 10:51 a.m.54 views

nodejs:14 security update

An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...

8.2CVSS8.4AI score0.21514EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2022/11/08 12:0 a.m.42 views

RHEL 8 : nodejs:14 (RHSA-2022:7830)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7830 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.2CVSS7.4AI score0.21514EPSS
Exploits3References13
RedHat Linux
RedHat Linux
added 2022/10/19 10:12 a.m.6 views

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

5.3CVSS7.4AI score0.09358EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2022/10/19 12:0 a.m.55 views

RHEL 7 : rh-nodejs14-nodejs (RHSA-2022:7044)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7044 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS7.3AI score0.21514EPSS
Exploits4References15
Rows per page
Query Builder