Lucene search
+L

378 matches found

RedhatCVE
RedhatCVE
added 2026/04/08 9:31 a.m.5 views

CVE-2026-34580

A flaw was found in Botan, a C++ cryptography library. Due to a misleading function name and an assumption in path validation logic, an end entity certificate could be incorrectly accepted as a trusted root. This occurs when the end entity certificate's Distinguished Name DN and Subject Key...

9.3CVSS5.8AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 10:16 p.m.8 views

ALPINE-CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

7.5CVSS5.4AI score0.00249EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/07 10:11 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper validation in the certificateknown function. An attacker can bypass certificate trust verification by presenting an end entity certificate with a distinguished name and subject key...

9.8CVSS5.7AI score0.00249EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/04/07 9:12 p.m.12 views

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.4AI score0.00249EPSS
Exploits0
CVE
CVE
added 2026/04/07 9:12 p.m.27 views

CVE-2026-34580

CVE-2026-34580 affects Botan 3.11.0, where Certificate_Store::certificate_known could misidentify certificates during path validation. The function returned true when the DN (and subject key identifier, if set) matched the argument, without verifying the certificates were identical. A later path-...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 9:12 p.m.2 views

CVE-2026-34580

Botan is a C++ cryptography library. In 3.11.0, the function CertificateStore::certificateknown had a misleading name; it would return true if any certificate in the store had a DN and subject key identifier, if set matching that of the argument. It did not check that the cert it found and the ce...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-31027

Name of the Vulnerable Software and Affected Versions Botan versions prior to 3.11.1 Description The Botan cryptography library contains a flaw in the Certificate Store::certificate known function. This function incorrectly identifies certificates, returning true if any certificate in the store h...

9.3CVSS5.9AI score0.00249EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.13 views

SUSE CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/01 9:30 p.m.9 views

EUVD-2026-18003

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.9AI score0.00279EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 7:16 p.m.6 views

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 7:16 p.m.3 views

DEBIAN-CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 7:16 p.m.6 views

UBUNTU-CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 12:0 a.m.5 views

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.9AI score0.00279EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.4 views

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

5.9AI score0.00279EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/01 12:0 a.m.7 views

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS5.2AI score0.00279EPSS
Exploits0
Cvelist
Cvelist
added 2026/04/01 12:0 a.m.31 views

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

0.00279EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 12:0 a.m.23 views

CVE-2026-34874

Mbed TLS versions affected: up to 3.6.5 and 4.x up to 4.0.0. The issue is a NULL pointer dereference in distinguished name parsing that can allow writing to address 0. This is a concrete vulnerability detail (affected component and root cause) and is described in both the CVE records and CVE List...

7.5CVSS5.9AI score0.00279EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.9 views

PT-2026-29587

Name of the Vulnerable Software and Affected Versions Mbed TLS versions through 3.6.5 and 4.0.0 Description A flaw exists in the distinguished name parsing functionality, leading to a NULL pointer dereference. This can allow an attacker to write to address 0. Recommendations Update to a version...

9.1CVSS5.1AI score0.0039EPSS
Exploits0References26
OSV
OSV
added 2026/04/01 12:0 a.m.2 views

CVE-2026-34874

An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0...

7.5CVSS6AI score0.00279EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/29 12:0 a.m.10 views

openSUSE 16 Security Update : python-ldap (openSUSE-SU-2026:20421-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20421-1 advisory. - CVE-2025-61911: Enforce str for escapefilterchars bsc1251912. - CVE-2025-61912: Escape NULs as per RFC 4514 in escapednchars bsc1251913. Tenab...

6.9CVSS6AI score0.00427EPSS
Exploits2References6
Rows per page
Query Builder