Lucene search
K

14 matches found

NVD
NVD
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/26 6:40 a.m.12 views

gnutls: gnutls: Security bypass due to incorrect name constraint handling

A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities CAs only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate...

7.4CVSS5.8AI score0.00475EPSS
Exploits0References5
OSV
OSV
added 2026/02/27 12:53 a.m.7 views

CLEANSTART-2026-AJ16639 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.04518EPSS
Exploits3References43
OSV
OSV
added 2026/01/30 4:35 p.m.7 views

CLEANSTART-2026-VV68546 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the k8ssandra-client-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00626EPSS
Exploits2References25
OSV
OSV
added 2026/01/30 4:35 p.m.4 views

CLEANSTART-2026-PW02676 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the k8ssandra-client-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00626EPSS
Exploits2References25
OSV
OSV
added 2026/01/30 4:19 p.m.8 views

CLEANSTART-2026-KZ60560 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.04518EPSS
Exploits3References40
OSV
OSV
added 2026/01/30 4:15 p.m.4 views

CLEANSTART-2026-KU65968 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.04518EPSS
Exploits3References38
OSV
OSV
added 2026/01/30 4:2 p.m.7 views

CLEANSTART-2026-EC15228 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.04518EPSS
Exploits3References38
OSV
OSV
added 2026/01/30 3:58 p.m.5 views

CLEANSTART-2026-NP17404 Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate

Multiple security vulnerabilities affect the argo-cd-fips package. Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.04518EPSS
Exploits3References40
OSV
OSV
added 2025/12/05 1:12 p.m.4 views

OESA-2025-2780 golang security update

. Security Fixes: Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.CVE-2025-58187 The processing time for parsing some...

7.5CVSS6.9AI score0.00626EPSS
Exploits0References3
Amazon
Amazon
added 2025/11/10 12:0 a.m.11 views

Important: nerdctl

Issue Overview: net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed withi...

7.5CVSS6.9AI score0.00626EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.4 views

PT-2025-42740

Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19 Description The software exhibits quadratic complexity when checking name constraints in X.509 certificate validation. This can lead to performance issues during certificate verification. Recommendatio...

9.8CVSS8.4AI score0.00384EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/03/14 1:57 p.m.5 views

openssl: read buffer overflow in X.509 certificate verification

A flaw was found in Open SSL. A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification, and requires either a CA to have signed the malicious certificate or for the...

4.9CVSS6.9AI score0.01481EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:30 a.m.1 views

SUSE CVE-2022-3786

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate...

5.9CVSS8.5AI score0.92488EPSS
Exploits2References7
Rows per page
Query Builder