Lucene search
K

78 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 7:42 p.m.44 views

Security Bulletin: Vulnerabilities in OpenSSL (CVE-1015-1793)

Question Security Bulletin: Vulnerabilities in OpenSSL CVE-1015-1793 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

5.4AI score
Exploits0Affected Software1
OSV
OSV
added 2026/05/27 5:16 p.m.6 views

DEBIAN-CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 5:16 p.m.15 views

UBUNTU-CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2026/05/27 3:9 p.m.12 views

CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

8.1CVSS5.8AI score0.00338EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016811)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016811 advisory. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes...

6.5CVSS7.2AI score0.00274EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/14 11:41 p.m.4 views

CVE-2026-39984

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.4AI score0.00099EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/14 11:41 p.m.5 views

CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...

5.5CVSS5.6AI score0.00099EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 1:1 a.m.7 views

GHSA-XM5M-WGH2-RRG3 Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

5.5CVSS5.7AI score0.00099EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32611

Name of the Vulnerable Software and Affected Versions Sigstore Timestamp Authority versions prior to 2.0.6 Description An authorization bypass exists in the timestamp-authority/v2/pkg/verification package. The VerifyTimestampResponse function correctly verifies the certificate chain signature, bu...

5.5CVSS5.2AI score0.00099EPSS
Exploits0References255
EUVD
EUVD
added 2026/04/10 6:31 a.m.5 views

EUVD-2026-21294

wolfSSLX509verifycert in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints CA:FALSE that is legitimately signed by a trusted root. An attacker who obtains any leaf...

8.6CVSS6AI score0.00184EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/09 11:26 p.m.4 views

SUSE CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References3
NVD
NVD
added 2026/04/08 4:16 p.m.7 views

CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

7.5CVSS0.00188EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.8 views

rfc3161-client Has Improper Certificate Validation

Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/08 3:0 p.m.5 views

GHSA-3XXC-PWJ6-JGRJ rfc3161-client Has Improper Certificate Validation

Summary An Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw in how the library extracts the leaf certificate from an unordered PKCS7 bag of certificates, an attacker ca...

6.2CVSS5.8AI score0.00188EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/04/08 2:54 p.m.6 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

6.2CVSS5.9AI score0.00188EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 2:54 p.m.3 views

CVE-2026-33753

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

6.2CVSS5.9AI score0.00188EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/08 2:54 p.m.2 views

CVE-2026-33753 Improper Certificate Validation in rfc3161-client

rfc3161-client is a Python library implementing the Time-Stamp Protocol TSP described in RFC 3161. Prior to 1.0.6, an Authorization Bypass vulnerability in rfc3161-client's signature verification allows any attacker to impersonate a trusted TimeStamping Authority TSA. By exploiting a logic flaw i...

6.2CVSS6AI score0.00188EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31325

Name of the Vulnerable Software and Affected Versions rfc3161-client versions prior to 1.0.6 Description An authorization bypass issue exists in rfc3161-client's signature verification. An attacker can impersonate a trusted TimeStamping Authority TSA by exploiting a flaw in how the library extrac...

7.5CVSS5.8AI score0.00188EPSS
Exploits1References16
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.4 views

Signature Placement in Post-Quantum TLS Certificate Hierarchies: An Experimental Study of ML-DSA and SLH-DSA in TLS 1.3 Authentication

Post-quantum migration in TLS 1.3 should not be understood as a flat substitution problem in which one signature algorithm is replaced by another and deployment cost is inferred directly from primitive-level benchmarks. In certificate-based authentication, the practical effect of a signature fami...

5.9AI score
Exploits0
OSV
OSV
added 2026/02/27 12:43 a.m.8 views

CLEANSTART-2026-XZ04425 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00459EPSS
Exploits2References5
Rows per page
Query Builder