JLSEC-2026-220 The X.509 GeneralName type is a generic type for representing different types of names. One of...

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...

CVE-2026-4428

A flaw was found in AWS-LC, a cryptographic library. A logic error in how the library validates Certificate Revocation List CRL distribution points can cause legitimate partitioned CRLs to be incorrectly rejected. This allows a revoked certificate to bypass certificate revocation checks,...

CRLs not considered authoritative by Distribution Point due to faulty matching logic

If a certificate had more than one distributionPoint, then only the first distributionPoint would be considered against each CRL's IssuingDistributionPoint distributionPoint, and then the certificate's subsequent distributionPoints would be ignored. The impact was that correctly provided CRLs wou...

EUVD-1999-0644

Malware in sbrugna...

Exploit for Code Injection in Cisco Telepresence_Video_Communication_Server

I started looking at Cisco Expressway after I noticed quite a fe...

CVE-2023-28857

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

Authentication flaw

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

CVE-2023-28857 LDAP password leak in Apereo CAS - GHSL-2023-009

Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...

Ubuntu: Security Advisory (USN-5651-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5651-2 strongswan vulnerability

USN-5651-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Lahav Schlesinger discovered that strongSwan incorrectly handled certain OCSP URIs and and CRL distribution points CDP in certificate...

CVE-2022-24527: Microsoft Connected Cache Local Privilege Escalation (Fixed)

On April 12, 2022, Microsoft published CVE-2022-24527, a local privilege escalation vulnerability in Microsoft Connected Cache. The vulnerability allowed a local low-privileged user to execute arbitrary Powershell as SYSTEM due to improper file permission assignment CWE-732. Product description...

Python -- NULL pointer dereference vulnerability

Python Changelog: bpo-35746: CVE-2019-5010 Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability TALOS-2018-0758 reported by Colin Read and Nicolas Ede...

Ubuntu: Security Advisory (USN-2727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 15.04 : gnutls28 vulnerabilities (USN-2727-1)

It was discovered that GnuTLS incorrectly handled parsing CRL distribution points. A remote attacker could possibly use this issue to cause a denial of service, or execute arbitrary code. CVE-2015-3308 Kurt Roeckx discovered that GnuTLS incorrectly handled a long DistinguishedName DN entry in a...

GnuTLS 'gnutls_x509_ext_import_crl_dist_points()' double release vulnerability

GnuTLS is a set of secure communication libraries for implementing SSL, TLS and DTLS protocols. A double-release vulnerability exists in the GnuTLS 'gnutlsx509extimportcrldistpoints' function, which could be exploited by an attacker to submit an ad-hoc request to cause a denial of service, or...

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...

Code injection

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 do not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. No further techn...

CVE-2011-1224

IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points CDP certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a 1 client, 2 queue manager, or 3 application...