8 matches found
CVE-2026-6731
X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...
Erlang/OTP 安全漏洞
Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by node.js’s built-in APIs. There is a security vulnerability in Erlang/OTP, which stems from improper certificate verification in the publickey module. This vulnerability allows...
Security Bulletin: There is a vulnerability in cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-34073)
Summary There is a vulnerability in cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-34073 DESCRIPTION: cryptography is a package designed to expose cryptographic primitives and recipes...
PYSEC-2026-35
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...
Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
SUSE-SU-2026:0760-1 Security update for go1.25-openssl
This update for go1.25-openssl fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated...
openSUSE 16 Security Update : go1.25 (openSUSE-SU-2026:20214-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20214-1 advisory. Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code...
CVE-2025-61727
The CVE-2025-61727 issue stems from crypto/x509: an excluded subdomain constraint in a certificate chain does not restrict wildcard SANs in the leaf certificate (e.g., excluding test.example.com does not block SAN *.example.com). This can allow a leaf certificate to claim a wildcard SAN despite t...