11 matches found

Microsoft CVE
added 2026/05/31 8:1 a.m., 7 views

Non-CA certificate accepted as intermediate issuer in public_key path validation

...

8 CVSS, 5.4 AI score, 0.00322 EPSS
Exploits 0

SUSE CVE
added 2026/05/28 3:58 a.m., 14 views

SUSE CVE-2026-42789

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key pubkey_cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two...

7 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/05/27 12:23 p.m., 9 views

CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key pubkey_cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two...

7 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits 0, References 6

EUVD
added 2026/05/27 12:23 p.m., 11 views

EUVD-2026-32272

Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key pubkey_cert module allows a non-CA certificate to be accepted as an intermediate issuer, enabling certificate chain forgery. In lib/public_key/src/pubkey_cert.erl, pubkey_cert:validate_extensions/7 contains two...

7 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits 0, References 6

CVE
added 2026/05/27 12:23 p.m., 58 views

CVE-2026-42789

The CVE-2026-42789 entry documents a vulnerability in Erlang OTP public_key (pubkey_cert module): a certificate with basicConstraints cA:false and no keyUsage can be misused as an intermediate issuer during pkix_path_validation, enabling chain forgery. Two flaws in pubkey_cert:validate_extensions...

8 CVSS, 5.9 AI score, 0.00322 EPSS
Exploits 0, References 9, Affected Software 1

OSV
added 2025/08/01 6:31 p.m., 4 views

GHSA-6C5R-4WFC-3MCX Hashicorp Vault has Incorrect Validation for Non-CA Certificates

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/certcertificate). In this configuration, an attacker may be able to...

6.8 CVSS, 5.9 AI score, 0.0021 EPSS
Exploits 0, References 3

Snyk
added 2025/08/01 6:31 p.m., 3 views

Improper Certificate Validation

Overview: Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCredentials. An attacker can impersonate a trusted client by crafting a malicious certificate when a non-CA certificate is used as a trusted certificate. Remediation: Upgrade...

7.6 CVSS, 6.9 AI score, 0.0021 EPSS
Exploits 0, References 2

Cvelist
added 2025/08/01 5:52 p.m., 26 views

CVE-2025-6037 Vault Certificate Auth Method Did Not Validate Common Name For Non-CA Certificates

Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/certcertificate). In this configuration, an attacker may be able to...

6.8 CVSS, 0.0021 EPSS
Exploits 0, References 1

OSV
added 2024/03/14 5:13 p.m., 27 views

GO-2024-2617 Authentication bypass in github.com/hashicorp/vault

The TLS certificate authentication method incorrectly validates client certificates when configured with a non-CA certificate as a trusted certificate. When configured this way, attackers may be able to craft a certificate that can be used to bypass authentication...

9.8 CVSS, 7.9 AI score, 0.00447 EPSS
Exploits 0, References 2

CVE
added 2011/08/29 8:0 p.m., 72 views

CVE-2011-0228

Affected software: Apple iOS prior to 4.2.10 and 4.3.x prior to 4.3.5. Vulnerability: The Data Security component does not check the basicConstraints parameter when validating X.509 certificate chains, allowing a non-CA certificate to sign a certificate for any domain. This enables a man-in-the-m...

7.5 CVSS, 5.9 AI score, 0.06387 EPSS
Exploits 1, References 10, Affected Software 1

Cvelist
added 2011/08/29 8:0 p.m., 28 views

CVE-2011-0228

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

5.8 AI score, 0.06387 EPSS
Exploits 1, References 10