
7 matches found

FreeBSD
added 2026/05/27 12:0 a.m. | 15 views

Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer

https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's public_key application contains a path-validation flaw where non-CA certificates lacking keyUsage extensions can be accepted as intermediate issuers. An attacker with an end-entity certificate issued by a...

CVSS 8 | AI score 5.9 | EPSS 0.00322
Exploits: 0 | References: 1

SUSE CVE
added 2026/05/20 3:2 a.m. | 4 views

SUSE CVE-2025-6037

Vault and Vault Enterprise “Vault” TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate (https://developer.hashicorp.com/vault/api-docs/auth/certcertificate). In this configuration, an attacker may be able to...

CVSS 6.8 | AI score 6 | EPSS 0.00223
Exploits: 0 | References: 3

OSV
added 2024/03/06 11:5 a.m. | 24 views

BIT-NODE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

CVSS 7.4 | AI score 7.5 | EPSS 0.18339
Exploits: 1 | References: 25

SUSE CVE
added 2023/02/15 3:49 a.m. | 5 views

SUSE CVE-2021-3450

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

CVSS 7.4 | AI score 7.2 | EPSS 0.18339
Exploits: 1 | References: 13

Prion
added 2021/03/25 3:15 p.m. | 34 views

Design/Logic Flaw

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an...

CVSS 5.8 | AI score 7.2 | EPSS 0.18339
Exploits: 1 | References: 24 | Affected Software: 27

Prion
added 2011/08/29 8:55 p.m. | 19 views

Design/Logic Flaw

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

CVSS 7.5 | AI score 6.2 | EPSS 0.06387
Exploits: 1 | References: 10 | Affected Software: 1

EUVD
added 2011/08/29 8:0 p.m. | 6 views

EUVD-2011-0254

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an...

CVSS 7.5 | AI score 5.7 | EPSS 0.06387
Exploits: 1 | References: 10