Lucene search
K

6 matches found

CVE
CVE
added 2026/06/26 5:27 p.m.27 views

CVE-2026-47778

Envoy CVE-2026-47778 describes a TLS DNS SAN truncation flaw in DefaultCertValidator::verifySubjectAltName. Before 1.35.11, 1.36.7, 1.37.3, and 1.38.1, an embedded NUL in a dNSName SAN can be partially preserved by generalNameAsString but truncated when converted to a C-style string via .c_str(),...

4.4CVSS5.8AI score0.00212EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/23 6:17 p.m.5 views

CVE-2026-33557

A flaw was found in Apache Kafka. By default, the sasl.oauthbearer.jwt.validator.class property is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator, which does not validate JSON Web Token JWT signatures, issuers, or audiences. A remote attacker can exploit this by crafting ...

9.1CVSS5.8AI score0.00581EPSS
Exploits0References6
OSV
OSV
added 2026/04/22 8:40 a.m.5 views

BIT-KAFKA-2026-33557 Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...

9.1CVSS5.7AI score0.00581EPSS
Exploits0References7
NVD
NVD
added 2026/04/20 2:16 p.m.6 views

CVE-2026-33557

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...

9.1CVSS0.00581EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/04/20 1:28 p.m.37 views

CVE-2026-33557 Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication

A possible security vulnerability has been identified in Apache Kafka. By default, the broker property sasl.oauthbearer.jwt.validator.class is set to org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator. It accepts any JWT token without validating its signature, issuer, or audience. A...

0.00581EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.5 views

SUSE CVE-2022-21656

Envoy is an open source edge and service proxy, designed for cloud-native applications. The defaultvalidator.cc implementation used to implement the default certificate validation routines has a "type confusion" bug when processing subjectAltNames. This processing allows, for example, an rfc822Na...

7.4CVSS5.8AI score0.00768EPSS
Exploits0References3
Rows per page
Query Builder