Lucene search
K

7 matches found

CNNVD
CNNVD
added 2024/07/08 12:0 a.m.4 views

Botan Security Vulnerabilities

Botan is a library of cryptographic algorithms written in C++. It supports a variety of algorithms including AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan that stems from an error in the parsing of name-constrained extensions in X.509 certificates, which...

5.3CVSS6.9AI score0.00272EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:5 a.m.20 views

BIT-NODE-2021-44531

Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use...

7.4CVSS7.7AI score0.08373EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.34 views

Oracle Linux 8 : nodejs:14 (ELSA-2022-7830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7830 advisory. - Record issues fixed in the current version Resolves: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 Resolves: CVE-2022-0235 - Rebase to...

8.8CVSS7.5AI score0.21514EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2022/11/12 12:0 a.m.32 views

AlmaLinux 8 : nodejs:14 (ALSA-2022:7830)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7830 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-44532...

8.2CVSS7.3AI score0.21514EPSS
Exploits3References6
OSV
OSV
added 2022/02/24 7:15 p.m.28 views

CVE-2021-44531

Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use...

7.4CVSS0.9AI score
Exploits0References6
UbuntuCve
UbuntuCve
added 2022/02/24 7:15 p.m.85 views

CVE-2021-44531

Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use...

7.4CVSS6.8AI score0.08373EPSS
Exploits0References2
Hacker One
Hacker One
added 2021/12/17 2:57 p.m.141 views

Node.js: Node.js Certificate Verification Bypass via String Injection

This is a report on behalf of Google, who did not want to report through H1. --- Summary Node’s APIs for reporting certificate fields are ambiguous and allow bypassing certificate verification in some circumstances. Details In light of CVE-2021-3712, I’ve been looking at code which misuses...

5.8CVSS7.5AI score0.50445EPSS
Exploits2
Rows per page
Query Builder