Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/08 12:0 a.m.5 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1323)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1323 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

7.5CVSS7.7AI score0.00459EPSS
Exploits2References6
Rosalinux
Rosalinux
added 2025/12/02 1:20 p.m.6 views

Advisory ROSA-SA-2025-3094

Software: curl 7.61.1 OS: ROSA Virtualization 2.1 packageevrstring: curl-7.61.1-34.0.2.rv3.2 CVE-ID: CVE-2022-32221 BDU-ID: 2022-07403 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent...

9.8CVSS7.9AI score0.36081EPSS
Exploits7
SUSE CVE
SUSE CVE
added 2025/05/09 3:46 a.m.3 views

SUSE CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS6.7AI score0.00301EPSS
Exploits1References3
OSV
OSV
added 2025/05/07 4:15 p.m.3 views

DEBIAN-CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS7.3AI score0.00301EPSS
Exploits1References1
Cloud Foundry
Cloud Foundry
added 2023/08/10 12:0 a.m.49 views

USN-6237-2: curl regression | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original...

5.9CVSS7.3AI score0.02211EPSS
Exploits2Affected Software3
Ubuntu
Ubuntu
added 2023/07/19 5:34 p.m.77 views

USN-6237-2: curl regression

USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain...

6.6AI score
Exploits0References1
OSV
OSV
added 2023/07/19 5:34 p.m.6 views

USN-6237-2 curl regression

USN-6237-1 fixed vulnerabilities in curl. The update caused a certificate wildcard handling regression on Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Hiroki Kurosawa discovered that curl incorrectly handled validating certain...

5.9AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.4 views

SUSE CVE-2013-2099

Algorithmic complexity vulnerability in the ssl.matchhostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-sslmatchhostname as used for older Python versions, allows remote attackers to cause a denial of service CPU consumption via multiple wildcard...

4.3CVSS6.2AI score0.04857EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:32 a.m.4 views

SUSE CVE-2014-0139

cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name CN field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certifica...

5.8CVSS6.8AI score0.04888EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/01/13 8:24 p.m.5 views

python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns

A denial of service flaw was found in the way Python's SSL module implementation performed matching of certain certificate names. A remote attacker able to obtain a valid certificate that contained multiple wildcard characters could use this flaw to issue a request to validate such a certificate,...

4.3CVSS7.3AI score0.04857EPSS
Exploits0References4
Rows per page
Query Builder