Lucene search
K

14 matches found

RedHat Linux
RedHat Linux
added 6 days ago7 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago7 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago6 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.43 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39613

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.2AI score0.00256EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS6.2AI score0.00256EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 1:14 a.m.5 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.2AI score0.00256EPSS
Exploits0
CVE
CVE
added 2026/06/26 1:14 a.m.21 views

CVE-2026-48928

CVE-2026-48928 affects Node.js releases 22/24/26. The issue is uppercase SNI context matching causing MTLS authorization bypass due to case-sensitive hostname matching in multi-context mTLS. SUSE indicates this CVE is fixed in nodejs24 update to 24.17.0; remediation is to upgrade to that version ...

5.4CVSS6.6AI score0.00256EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.6 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.6AI score0.00256EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-48928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release line...

5.4CVSS6.7AI score0.00256EPSS
Exploits0References4
OSV
OSV
added 2025/06/08 11:15 a.m.2 views

DEBIAN-CVE-2025-38004

In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcmop runtime updates The CAN broadcast manager CAN BCM can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at runtime where the...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/04/19 12:0 a.m.7 views

PT-2017-2113 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco ASA Software versions prior to 8.47.31 Cisco ASA Software versions prior to 9.04.39 Cisco ASA Software versions prior to 9.17 Cisco ASA Software versions prior to 9.24.6 Cisco ASA Software versions prior to 9.33.8 Cisco ASA Software...

8.6CVSS8.5AI score0.04553EPSS
Exploits0References6
Rows per page
Query Builder