Lucene search
+L

36906 matches found

OSV
OSV
added 5 days ago4 views

JLSEC-2026-697 X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier ...

X.509 trust-chain bypass in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra OPENSSLEXTRA and whose application validates certificates by calling X509verifycert with caller-supplied untrusted intermediate certificates; for...

8.7CVSS6.1AI score0.00145EPSS
Exploits0References5
OSV
OSV
added 5 days ago11 views

JLSEC-2026-687 With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is...

With TLS 1.2 connections a client can use any digest, specifically a weaker digest that is supported, rather than those in the CertificateRequest...

5.4CVSS6.1AI score0.00127EPSS
Exploits0References3
OSV
OSV
added 5 days ago5 views

JLSEC-2026-724 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow...

X.509 date buffer overflow in wolfSSLX509notAfter / wolfSSLX509notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS...

4.3CVSS6.2AI score0.00122EPSS
Exploits0References3
OSV
OSV
added 5 days ago7 views

JLSEC-2026-699 X.509 trust-chain bypass (path-depth exhaustion) in the OpenSSL compatibility certificate...

X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...

8.2CVSS6.1AI score0.00145EPSS
Exploits0References5
OSV
OSV
added 5 days ago6 views

JLSEC-2026-755 X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A...

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

7.5CVSS6.1AI score0.00124EPSS
Exploits0References5
OSV
OSV
added 5 days ago4 views

JLSEC-2026-700 Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a...

Out-of-bounds heap read during SM2/SM3 certificate signature verification. When parsing a certificate with an SM3wSM2 signature, the Subject Key Identifier computation reads the trailing 65 bytes of the public key without checking that the key is at least that long. A public key shorter than 65...

7.5CVSS6.1AI score0.00226EPSS
Exploits0References5
OSV
OSV
added 5 days ago4 views

JLSEC-2026-703

An integer overflow vulnerability existed in the static function wolfssladdtochain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssladdtochain is called by these API: wolfSSLCTXaddextrachaincert,...

5.5CVSS6.2AI score0.00064EPSS
Exploits0References1
OSV
OSV
added 5 days ago6 views

JLSEC-2026-730 wolfSSL_X509_verify_cert in the OpenSSL compatibility layer accepts a certificate chain in which...

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

8.6CVSS6.2AI score0.00184EPSS
Exploits0References3
OSV
OSV
added 5 days ago3 views

JLSEC-2026-750 Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1...

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

4.3CVSS6.1AI score0.00074EPSS
Exploits0References5
OSV
OSV
added 5 days ago5 views

JLSEC-2026-694 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer...

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS6.1AI score0.00121EPSS
Exploits0References5
OSV
OSV
added 5 days ago4 views

JLSEC-2026-715 An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN)...

An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name SAN extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect...

8.1CVSS6.1AI score0.00135EPSS
Exploits0References3
OSV
OSV
added 5 days ago4 views

JLSEC-2026-723 Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer...

Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension...

7.5CVSS6.2AI score0.00222EPSS
Exploits0References3
OSV
OSV
added 5 days ago7 views

JLSEC-2026-707 Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a...

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs,...

9.8CVSS6.2AI score0.00471EPSS
Exploits1References6
OSV
OSV
added 5 days ago6 views

JLSEC-2026-716 Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA...

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

9.3CVSS6.2AI score0.00468EPSS
Exploits1References4
OSV
OSV
added 5 days ago4 views

JLSEC-2026-735 Un-negotiated Raw Public Key (RFC 7250) accepted in place of an X.509 certificate, bypassing...

Un-negotiated Raw Public Key RFC 7250 accepted in place of an X.509 certificate, bypassing chain validation. A raw public key has no chain, so ParseCertRelative accepts it without performing any trust verification; it must therefore only be accepted when RPK was actually negotiated for that peer...

8.2CVSS6.1AI score0.00145EPSS
Exploits0References5
OSV
OSV
added 5 days ago3 views

JLSEC-2026-737 TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished...

TLS 1.3 post-handshake authentication PHA issue where a server could accept a client's Finished message without the client having sent a Certificate and CertificateVerify. The post-handshake-auth exemption that allows an empty/absent peer certificate was only intended for the initial handshake, b...

6.5CVSS6.1AI score0.00143EPSS
Exploits0References5
OSV
OSV
added 5 days ago8 views

JLSEC-2026-669

In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sigalgo field differs between the certificateverify message and the certificate message...

6.5CVSS6.6AI score0.00628EPSS
Exploits0References2
OSV
OSV
added 5 days ago6 views

JLSEC-2026-696 Certificates with wildcard DNS SANs (e.g. *.example.com) bypassed CA name-constraint checks. A...

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS6.1AI score0.00124EPSS
Exploits0References5
NVD
NVD
added 5 days ago4 views

CVE-2026-48815

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 4.1.1, the documented certificateOIDs option in sigstore.verify is accepted by the public API but discarded before verification, so required certificate extension OIDs are never checked and applications...

7.5CVSS0.0019EPSS
Exploits0References4
NVD
NVD
added 5 days ago4 views

CVE-2026-48816

sigstore-js provides JavaScript libraries for interacting with Sigstore services. Prior to 3.1.1, @sigstore/verify derives a transparency-log timestamp from tlogEntries.integratedTime for bundle v0.2 inclusionProof-only entries even though the inclusion proof path does not cryptographically bind...

6.5CVSS0.00158EPSS
Exploits0References4
Rows per page
Query Builder