Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/03 12:19 p.m.12 views

CVE-2026-42789

A flaw was found in Erlang OTP's publickey module. This vulnerability CWE-295, related to improper certificate validation, allows a non-Certificate Authority CA certificate to be accepted as an intermediate issuer. A remote attacker, holding an end-entity certificate issued by a trusted CA, can...

8CVSS5.8AI score0.0033EPSS
Exploits0References9
OSV
OSV
added 2026/05/27 2:16 p.m.12 views

DEBIAN-CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey pubkeycert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/publickey/src/pubkeycert.erl, pubkeycert:validateextensions/7 contains two...

4.8CVSS5.9AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2025/08/11 5:24 p.m.3 views

GO-2025-3836 Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault

Hashicorp Vault has Incorrect Validation for Non-CA Certificates in github.com/hashicorp/vault...

6.8CVSS7.2AI score0.00221EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/08/01 5:52 p.m.3 views

CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS5.7AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 2025/08/01 5:52 p.m.4 views

CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as +trusted certificate+|https://developer.hashicorp.com/vault/api-docs/auth/certcertificate. In this configuration, an attacker may be able to...

6.8CVSS6.8AI score0.00221EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/03/04 12:0 a.m.5 views

HashiCorp Vault and HashiCorp Vault Enterprise Security Vulnerabilities

HashiCorp Vault and HashiCorp Vault Enterprise are both products of HashiCorp, Inc. of the U.S. HashiCorp Vault is a private key access management tool.HashiCorp Vault Enterprise is an enterprise information archiving platform. Captures information across all communication platforms - seamlessly...

9.8CVSS8.8AI score0.00447EPSS
Exploits0References2
Rows per page
Query Builder