438 matches found
CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates
Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...
CVE-2025-6037
Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...
CVE-2025-23048
In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...
UBUNTU-CVE-2025-23048
In some modssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when modssl is configured for multiple virtual hosts, with each restricted to a different set of...
TencentOS Server 3: stunnel (TSSA-2022:0220)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2022:0220 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2022-29222
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't posses the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection...
Linux Distros Unpatched Vulnerability : CVE-2021-3698
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon SSSD...
USN-7285-1 nginx vulnerability
It was discovered that nginx incorrectly handled when multiple server blocks are configured to share the same IP address and port. An attacker could use this issue to use session resumption to bypass client certificate authentication requirements on these servers. This issue only affected Ubuntu...
GHSA-JPMC-7P9C-4RXF lxd has a restricted TLS certificate privilege escalation when in PKI mode
Summary If a server.ca file is present in LXDDIR at LXD start up, LXD is in "PKI mode". In this mode, all clients must have certificates that have been signed by the CA. The LXD configuration option core.trustcacertificates defaults to false. This means that although the client certificate has be...
UBUNTU-CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm
A flaw was found in Go's crypto/x509 standard library package. Verifying a certificate chain that contains a certificate with an unknown public key algorithm will cause a Certificate.Verify to panic. This issue affects all crypto/tls clients and servers that set Config.ClientAuth to...
BIT-VALKEY-2021-32675 DoS vulnerability in Redis
Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol RESP request, Redis allocates memory according to user-specified values which determine the number of elements in the multi-bulk header and size of each element in the bulk header. ...
RHEL 6 : dovecot (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dovecot: Buffer overflow in indexer-worker process results in privilege escalation CVE-2019-7524 - A...
USN-6772-1 strongswan vulnerability
Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to bypass access controls...
CVE-2023-27336
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this...
CVE-2023-41185
The CVE-2023-41185 issue affects Unified Automation UaGateway. The vulnerability is in the processing of client certificates where the certificate length field is not properly validated, allowing an integer overflow that can cause a denial-of-service. Authentication is not required. Exploitation ...
CVE-2023-32170 Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability
Unified Automation UaGateway OPC UA Server Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. User interaction is required to exploit this...
CVE-2023-27336
CVE-2023-27336 affects Softing edgeConnector Siemens OPC UA Server via a NULL pointer dereference in the handling of OPC client certificates. This unauthenticated, network-exploitable vulnerability can cause a denial-of-service condition on affected installations. The documented impact is limited...
CVE-2023-27336 Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability
Softing edgeConnector Siemens OPC UA Server Null Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Softing edgeConnector Siemens. Authentication is not required to exploit this...