Lucene search
K

23 matches found

RedHat Linux
RedHat Linux
added 2026/06/23 1:27 a.m.7 views

samba: group policy certificate enrollment uses http:// without validation

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/05/27 10:2 a.m.14 views

CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8CVSS5.8AI score0.00261EPSS
Exploits0References14
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in OpenSSL

Applications that use non-default options when verifying certificates may be vulnerable to attacks from a malicious Certificate Authority CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL, and other certificate policy checks for tho...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References2
OSV
OSV
added 2026/04/27 6:33 p.m.11 views

JLSEC-2026-236 Applications that use a non-default option when verifying certificates may be vulnerable to an...

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.3AI score0.01583EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-12519

Malicious code in bioql PyPI...

5.3CVSS6.3AI score0.01583EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.10 views

TencentOS Server 4: openssl (TSSA-2024:0034)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0034 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

6.5CVSS6.8AI score0.75116EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/05/22 10:24 p.m.7 views

CVE-2022-21672

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt and treats explicitly untrusted certificates like trusted ones, causing those explicitly untrusted...

6.5CVSS6.9AI score0.00715EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-0465

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid...

5.3CVSS6.3AI score0.01583EPSS
Exploits0References3
OSV
OSV
added 2024/03/01 11:7 a.m.5 views

OESA-2024-1227 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate...

6.5CVSS8.7AI score0.75116EPSS
Exploits0References4
OSV
OSV
added 2024/02/23 11:6 a.m.11 views

OESA-2024-1168 nodejs security update

Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include polic...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
RedHat Linux
RedHat Linux
added 2023/12/07 1:53 p.m.2 views

openssl: Invalid certificate policies in leaf certificates are silently ignored

A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that a...

5.3CVSS6.5AI score0.01583EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/06/21 2:51 p.m.6 views

openssl: Invalid certificate policies in leaf certificates are silently ignored

A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that a...

5.3CVSS6.5AI score0.01583EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/03/30 1:45 a.m.3 views

SUSE CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.9CVSS6.4AI score0.01583EPSS
Exploits0References86
OSV
OSV
added 2023/03/28 3:15 p.m.2 views

ALPINE-CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS7AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.2 views

DEBIAN-CVE-2023-0465

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.2AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.7 views

AZL-31145 CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.10 views

AZL-37716 CVE-2023-0465 affecting package hvloader for versions less than 1.0.1-9

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.5 views

AZL-27241 CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/28 3:15 p.m.7 views

AZL-34663 CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/28 2:30 p.m.12 views

CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.5AI score0.01583EPSS
Exploits0References9
Rows per page
Query Builder