Lucene search
K

22 matches found

RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:40 a.m.7 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/26 6:40 a.m.12 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.7AI score0.00566EPSS
Exploits1References5
OSV
OSV
added 2026/05/21 9:23 a.m.7 views

CLSA-2026-1779355433 Fix CVE(s): CVE-2026-3833

SECURITY UPDATE: nameConstraints case-sensitive comparison bypass - debian/patches/CVE-2026-3833.patch: perform case-insensitive comparison of dNSName and rfc822Name domain labels in X.509 nameConstraints processing, fixing excludedSubtrees / permittedSubtrees bypass via letter-casing in the SAN....

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
OSV
OSV
added 2026/05/19 12:50 a.m.11 views

CLSA-2026-1779107085 gnutls: Fix of CVE-2026-3833

CVE-2026-3833: fix nameConstraints dNSName/rfc822Name case-sensitive memcmp bypass...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/05/02 10:26 p.m.2 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS6.9AI score0.00566EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/30 5:37 p.m.63 views

CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

6.5CVSS0.00566EPSS
Exploits1References15
RedhatCVE
RedhatCVE
added 2026/04/30 5:37 p.m.15 views

CVE-2026-3833

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5AI score0.00566EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/30 5:37 p.m.6 views

CVE-2026-3833

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.3AI score0.00566EPSS
Exploits1References16
EUVD
EUVD
added 2026/04/30 5:37 p.m.5 views

EUVD-2026-26403

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

6.5CVSS5.3AI score0.00566EPSS
Exploits1References3
CVE
CVE
added 2026/04/30 5:37 p.m.33 views

CVE-2026-3833

Technical details for CVE-2026-3833 are not publicly available in the provided documents; OpenSUSE/PTSecurity entries reference fixes but do not expose affected components, impact, or mitigation here. Monitor for updates.

7.4CVSS5.3AI score0.00566EPSS
Exploits1References15Affected Software4
Snyk
Snyk
added 2026/04/30 5:26 p.m.5 views

Improper Handling of Case Sensitivity

Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity in the enforcement of X.509 nameConstraints due to case-sensitive comparisons for dNSName and the domain portion of rfc822Name. An attacker can gain unauthorized certificate validation and potential...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.14 views

CVE-2022-31398

A cross-site scripting XSS vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...

4.8CVSS5.7AI score0.00534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.11 views

CVE-2022-31400

A cross-site scripting XSS vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...

4.8CVSS5.7AI score0.00534EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-52910

Malicious code in bioql PyPI...

4.8CVSS5.2AI score0.00534EPSS
Exploits1References1
wpexploit
wpexploit
added 2022/08/16 12:0 a.m.585 views

Affiliates Manager < 2.9.14 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed. Put the following payload in the "Currency Symbol" settings of the plugin and save: " Other settings...

4.8CVSS0.8AI score0.00538EPSS
Exploits2
CNVD
CNVD
added 2022/06/15 12:0 a.m.21 views

HelpDeskZ cross-site scripting vulnerability (CNVD-2022-59046)

HelpDeskZ is a PHP-based software that allows you to manage your site's support using a web-based support ticket system. Provides quality support. A cross-site scripting vulnerability exists in HelpDeskZ version v2.0.2, which stems from a lack of parameter filtering and escaping in...

4.8CVSS5AI score0.00534EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.5 views

CVE-2022-31398

A cross-site scripting XSS vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...

4.8CVSS5.9AI score0.00534EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.5 views

CVE-2022-31400

A cross-site scripting XSS vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field...

4.8CVSS5.9AI score0.00534EPSS
Exploits1References2
Rows per page
Query Builder