Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/03/24 11:28 a.m.3 views

CVE-2026-33307

A flaw was found in modgnutls, a TLS module for Apache HTTPD. A remote attacker could exploit this vulnerability by sending a specially crafted client certificate chain to a server configured to use client certificates. This could lead to a buffer overflow due to the module not properly checking...

7.5CVSS6.1AI score0.00342EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 1:34 a.m.5 views

EUVD-2026-14692

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

7.5CVSS6AI score0.00342EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/24 1:34 a.m.27 views

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Modgnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutlsx509crtt x509 array without checking the number of certificates is less than or...

7.5CVSS0.00342EPSS
Exploits0References2
CVE
CVE
added 2026/03/24 1:34 a.m.14 views

CVE-2026-33307

Mod_gnutls (Apache HTTPD TLS module) is affected by CVE-2026-33307 in versions prior to 0.12.3 and 0.13.0. The vulnerability arises from importing the client certificate chain into a fixed-size gnutls_x509_crt_t x509[] array without validating the number of certificates against the array length, ...

7.5CVSS6AI score0.00342EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.9 views

PT-2026-27302

Name of the Vulnerable Software and Affected Versions Mod gnutls versions prior to 0.12.3 Mod gnutls versions prior to 0.13.0 Description Mod gnutls is a TLS module for Apache HTTPD based on GnuTLS. The software contains an issue where code for client certificate verification imports the...

7.5CVSS5.9AI score0.00342EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2023-1672

Malicious code in bioql PyPI...

7.1CVSS6.2AI score0.00522EPSS
Exploits0References11
CVE
CVE
added 2023/10/04 10:59 a.m.181 views

CVE-2023-2422

CVE-2023-2422 describes an authentication flaw in Keycloak-based deployments where mTLS client certificate chain verification is insufficient. The vulnerability allows a client with a valid certificate to impersonate another client and access data belonging to that client. The issue is documented...

7.1CVSS6.5AI score0.00522EPSS
Exploits0References7Affected Software3
RedhatCVE
RedhatCVE
added 2023/06/26 6:48 p.m.71 views

CVE-2023-2422

A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to...

5.5CVSS7.5AI score0.00522EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/26 12:0 a.m.9 views

Red Hat Keycloak 信任管理问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from the server's inability to properly validate the client certificate chain...

7.1CVSS6.3AI score0.00522EPSS
Exploits0References11
Rows per page
Query Builder