CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RustSec•added 2026/04/22 12:0 p.m.•5 views

Reachable panic in certificate revocation list parsing

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::fromder or OwnedCertRevocationList::fromder. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

Positive Technologies•added 2026/04/22 12:0 a.m.•0 views

PT-2026-34530

A panic was reachable when parsing certificate revocation lists via BorrowedCertRevocationList::from der or OwnedCertRevocationList::from der. This was the result of mishandling a syntactically valid empty BIT STRING appearing in the onlySomeReasons element of a IssuingDistributionPoint CRL...

OSV•added 2026/03/20 8:35 p.m.•2 views

GHSA-9F94-5G5W-GF6R CRL Distribution Point Scope Check Logic Error in AWS-LC

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs wi...

7.4CVSS5.9AI score0.00026EPSS

Exploits0References5

Github Security Blog•added 2026/03/20 8:35 p.m.•6 views

CRL Distribution Point Scope Check Logic Error in AWS-LC

5.9AI score

Exploits0References5Affected Software2

OSV•added 2026/03/20 12:0 p.m.•2 views

RUSTSEC-2026-0049 CRLs not considered authoritative by Distribution Point due to faulty matching logic

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored. The impact was that correctly provided CRLs wou...

RustSec•added 2026/03/20 12:0 p.m.•3 views

CRLs not considered authoritative by Distribution Point due to faulty matching logic

NVD•added 2026/03/19 9:17 p.m.•4 views

CVE-2026-4428

A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...

9.1CVSS0.00026EPSS

Vulnrichment•added 2026/03/19 8:37 p.m.•4 views

CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC

9.1CVSS5.8AI score0.00026EPSS

Cvelist•added 2026/03/19 8:37 p.m.•19 views

CVE-2026-4428 CRL Distribution Point Scope Check Logic Error in AWS-LC

9.1CVSS0.00026EPSS

OSV•added 2026/03/19 12:0 p.m.•1 views

RUSTSEC-2026-0048 CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...

7.4CVSS5.8AI score0.00026EPSS

Exploits0References4

RustSec•added 2026/03/19 12:0 p.m.•4 views

CRL Distribution Point Scope Check Logic Error in AWS-LC

9.1CVSS5.9AI score0.00026EPSS

OSV•added 2026/03/19 12:0 p.m.•3 views

RUSTSEC-2026-0042 CRL Distribution Point Scope Check Logic Error in AWS-LC

7.4CVSS5.9AI score0.00026EPSS

Exploits0References4

RustSec•added 2026/03/19 12:0 p.m.•2 views

CRL Distribution Point Scope Check Logic Error in AWS-LC

9.1CVSS5.8AI score0.00026EPSS

RedHat Linux•added 2025/05/19 8:51 a.m.•7 views

openssl: X.400 address type confusion in X.509 GeneralName

A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled for example, the application sets the X509VFLAGCRLCHECK flag, this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call,...

7.4CVSS6.9AI score0.88334EPSS

Exploits0References5

CNNVD•added 2024/02/14 12:0 a.m.•1 views

F5 BIG-IP Security Vulnerabilities

F5 BIG-IP is an application delivery platform from F5 Corporation that integrates network traffic management, application security management, load balancing, and other features. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed request that may result in increased CPU...

7.5CVSS7.1AI score0.00203EPSS

Tenable Nessus•added 2023/12/27 12:0 a.m.•25 views

NewStart CGSL MAIN 5.04 : openssl Vulnerability (NS-SA-2023-0101)

The remote NewStart CGSL host, running version MAIN 5.04, has openssl packages installed that are affected by a vulnerability: - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1STRING but the public...

7.4CVSS8AI score0.88334EPSS

Tenable Nessus•added 2023/06/06 12:0 a.m.•17 views

EulerOS Virtualization 2.11.0 : shim (EulerOS-SA-2023-2129)

According to the versions of the shim package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parse...

7.4CVSS7.9AI score0.88334EPSS

RedHat Linux•added 2023/06/05 2:16 p.m.•4 views

openssl: X.400 address type confusion in X.509 GeneralName

7.4CVSS6.8AI score0.88334EPSS

Exploits0References5

OpenVAS•added 2023/06/01 12:0 a.m.•18 views

Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2004)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS8.2AI score0.88334EPSS