54 matches found
User Impersonation
Overview symfony/security-http is a provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so called user providers that hold the users credentials. Affected versions of this package are vulnerable to User...
PT-2026-29126
Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.11.0 Description Botan is a C++ cryptography library. When processing X.509 certificate paths with DNS name constraints, a case-sensitive comparison of the Common Name CN allowed a certificate to bypass restrictions...
CVE-2026-33248
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...
SUSE-SU-2025:4444-1 Security update 5.1.1.1 for Multi-Linux Manager Client Tools
This update fixes the following issues: grafana was updated from version 11.5.7 to 11.5.10: - Security issues fixed: CVE-2025-64751: Drop experimental implementation of authorization Zanzana server/client version 11.5.10 bsc1254113 CVE-2025-47911: Fixed parsing HTML documents version 11.5.10...
EUVD-2021-31364
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects...
BIT-NODE-MIN-2021-44533
Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...
Bouncy Castle 信任管理问题漏洞
Bouncy Castle is a collection of APIs used in cryptography organized by Bouncy Castle. It includes APIs for the Java and C programming languages. A security vulnerability exists in Bouncy Castle For Java versions prior to 1.74, which stems from an LDAP injection vulnerability due to a failure to...
OESA-2023-1391 bouncycastle security update
A Java implementation of cryptographic algorithms. Security Fixes: A flaw was found in Bouncy Castle 1.73. This issue targets the fix of LDAP wild cards. Before the fix there was no validation for the X.500 name of any certificate, subject, or issuer, so the presence of a wild card may lead to...
SUSE CVE-2004-0488
Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN...
SUSE CVE-2006-7246
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used...
SUSE CVE-2011-1429
Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766...
SUSE CVE-2015-0210
wpasupplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack...
SUSE CVE-2021-44533
Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in...
Oracle Linux 8 : nodejs:14 (ELSA-2022-7830)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7830 advisory. - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 - Rebase to...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
nodejs:14 security update
An update is available for nodejs-nodemon, nodejs, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a software development platform f...
RHEL 8 : nodejs:14 (RHSA-2022:7830)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7830 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
nodejs: Incorrect handling of certificate subject and issuer fields
A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...
RHEL 7 : rh-nodejs14-nodejs (RHSA-2022:7044)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7044 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...