Lucene search
K

613 matches found

OSV
OSV
added 2026/01/30 2:44 p.m.0 views

CLEANSTART-2026-OL25917 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the velero package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00626EPSS
Exploits2References28
OSV
OSV
added 2026/01/30 2:41 p.m.2 views

CLEANSTART-2026-GV62494 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the velero package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00626EPSS
Exploits2References27
OSV
OSV
added 2026/01/30 2:41 p.m.9 views

CLEANSTART-2026-DI05920 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the velero-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00451EPSS
Exploits2References8
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.7 views

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/23 3:22 p.m.6 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

4CVSS6.1AI score0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 4:16 p.m.7 views

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS0.00291EPSS
Exploits0References3
NVD
NVD
added 2026/01/22 4:16 p.m.6 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

4CVSS0.00318EPSS
Exploits0References3
CVE
CVE
added 2026/01/22 3:22 p.m.49 views

CVE-2025-32057

The CVE-2025-32057 entry concerns the Bosch Infotainment ECU in Nissan Leaf ZE1 (2020). The vulnerability arises from using a Redbend OTA service with HTTPS where the SSL engine uses a default configuration, resulting in server root certificate verification being disabled. This can allow an attac...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 3:22 p.m.8 views

CVE-2025-32057 Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/22 3:22 p.m.22 views

CVE-2025-32057 Misconfigured SSL/TLS communication of Redbend service for Infotainment ECU

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS0.00291EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 3:22 p.m.4 views

CVE-2025-32057

The Infotainment ECU manufactured by Bosch which is installed in Nissan Leaf ZE1 – 2020 uses a Redbend service for over-the-air provisioning and updates. HTTPS is used for communication with the back-end server. Due to usage of the default configuration for the underlying SSL engine, the server...

6.5CVSS5.5AI score0.00291EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/22 3:21 p.m.26 views

CVE-2025-32056 Anti-Theft Bypass for Infotainment ECU

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

4CVSS0.00318EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 3:21 p.m.3 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

4CVSS5.5AI score0.00318EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/22 3:21 p.m.5 views

CVE-2025-32056 Anti-Theft Bypass for Infotainment ECU

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allow to bypass the protection. First identified o...

4CVSS5.6AI score0.00318EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38278)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38278 advisory. - In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: QOS: Refactor...

5.5CVSS5.3AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/21 1:15 p.m.6 views

CVE-2026-22976

A flaw was found in the Linux kernel's schqfq Quick Fair Queueing scheduler. This vulnerability allows a local user to trigger a NULL pointer dereference in the qfqreset function. The issue arises when multiple qfqclass objects incorrectly reference the same leafqdisc, leading to an attempt to...

5.5CVSS5.3AI score0.00118EPSS
Exploits0References10
NVD
NVD
added 2026/01/21 7:16 a.m.10 views

CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

5.5CVSS0.00118EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/01/21 7:16 a.m.5 views

CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

5.5CVSS5.9AI score0.00118EPSS
Exploits0References25
OSV
OSV
added 2026/01/21 7:16 a.m.4 views

UBUNTU-CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

5.5CVSS5.7AI score0.00118EPSS
Exploits0References28
Cvelist
Cvelist
added 2026/01/21 6:57 a.m.17 views

CVE-2026-22976 net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

0.00118EPSS
Exploits0References7
Rows per page
Query Builder