19 matches found
PT-2026-24606
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
EUVD-2026-10086
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
SUSE CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
UBUNTU-CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
AZL-79610 CVE-2026-27138 affecting package golang 1.25.7-1
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138
The CVE-2026-27138 entry describes a panic in certificate verification when a chain contains a certificate with an empty DNS name and another with excluded name constraints, potentially crashing programs that verify X.509 chains or use TLS. The connected IBM bulletin confirms this CVE (tied to Go...
CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
CVE-2026-27138
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
GO-2026-4600 Panic in name constraint checking for malformed certificates in crypto/x509
Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS...
Google Go 安全漏洞
Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises when a certificate in the chain has an empty DNS name, and another...
CVE-2026-23948 FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...
CVE-2026-23948
CVE-2026-23948 affects FreeRDP prior to 3.22.0, where a NULL pointer dereference in rdp_write_logon_info_v2() can crash the FreeRDP proxy if a LogonInfoV2 PDU uses cbDomain=0 or cbUserName=0. The issue is fixed in 3.22.0. Connected advisories (Alpine Linux and openSUSE) confirm the vulnerability ...
CVE-2026-23948
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2 allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability...
PT-2026-7125
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.22.0 Description FreeRDP, a free implementation of the Remote Desktop Protocol, contains a flaw. A NULL pointer dereference exists in the rdp write logon info v2 function. A malicious RDP server can exploit this by...
Low: Red Hat Bug Fix Advisory: conga bug fix update
Updated conga packages that provide critical bug fixes are now available. The Conga package is a web-based administration tool for remote cluster and storage management. This erratum applies the following bug fixes: - The borrowed Zope packages used by Conga have been patched to eliminate a...