13 matches found
CVE-2026-11999
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
UBUNTU-CVE-2026-11999
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
EUVD-2026-39496
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
CVE-2026-11999
CVE-2026-11999 affects wolfSSL when built with --enable-opensslextra. The X509_verify_cert() path-depth exhaustion in wolfSSL_X509_verify_cert() can allow an attacker-controlled certificate to be accepted if the caller supplies untrusted intermediates and the chain depth exceeds the verifier’s ma...
CVE-2026-11999 X.509 trust-chain bypass via path-depth exhaustion in wolfSSL_X509_verify_cert()
X.509 trust-chain bypass path-depth exhaustion in the OpenSSL compatibility certificate verifier wolfSSLX509verifycert. This affects only builds with --enable-opensslextra whose application calls X509verifycert with caller-supplied untrusted intermediates; for those users it is critical, otherwis...
PT-2026-52511
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A trust-chain bypass exists in the OpenSSL compatibility certificate verifier function wolfSSL X509 verify cert. This issue occurs in builds configured with --enable-opensslextra when an...
Amazon Linux 2023 : jq, jq-devel (ALAS2023-2026-1815)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1815 advisory. jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating string...
CLSA-2026-1778142360 jq: Fix of 2 CVEs
CVE-2026-33947: limit path depth in jvsetpath, jvgetpath, and jvdelpaths to prevent stack overflow from deep path arrays - CVE-2026-33948: remove strlen-based length calculation that truncated JSON input at embedded NUL bytes, preventing parser-differential attacks...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an authentication bypass vulnerability caused by a /api/channels route classification flaw due to a mismatch in the depth of normalization between authentication path classification and route path...
kernel: eventpoll: Fix semi-unbounded recursion
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures that the graph is loop-free and does some recursion depth checks, but...
Linux Distros Unpatched Vulnerability : CVE-2025-38614
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EPMAXNESTS+1 links. Currently, eploopcheckproc ensures th...
SUSE CVE-2025-22079
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. Add a check to prevent out-of-bounds access if ltreedepth has an invalid...
CVE-2025-22079
In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate ltreedepth to avoid out-of-bounds access The ltreedepth field is 16-bit le16, but the actual maximum depth is limited to OCFS2MAXPATHDEPTH. Add a check to prevent out-of-bounds access if ltreedepth has an invalid...