22 matches found

Chainguard
added 2026/04/11 2:18 a.m., 5 views

GHSA-FV83-X2XW-2J55 vulnerabilities

Vulnerabilities for packages: nodetaint-fips, aws-iam-authenticator, polaris-fips, commercial-chainloop-backend, kube-logging-logging-operator, sealed-secrets-fips, sftpgo-plugin-eventsearch, newrelic-infra-operator, ingress-nginx-controller, dkron, victorialogs-fips, eks-node-monitoring-agent,...

5.8 AI score
Exploits: 0

Snyk
added 2026/02/24 8:22 p.m., 3 views

Unchecked Return Value

Overview: Affected versions of this package are vulnerable to Unchecked Return Value due to improper error handling in the provision function. An attacker can gain unauthorized access by presenting a client certificate signed by any system-trusted certificate authority, bypassing the intended...

9.3 CVSS, 5.9 AI score, 0.00267 EPSS
Exploits: 1, References: 2

NVD
added 2026/02/24 5:29 p.m., 3 views

CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...

9.3 CVSS, 0.00267 EPSS
Exploits: 1, References: 3

CNNVD
added 2026/02/24 12:0 a.m., 4 views

Caddy Security Vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities were caused by two ignored errors in the ClientAuthentication.provision function, which led to a silent failure in mT...

9.3 CVSS, 5.8 AI score, 0.00267 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2026/02/21 12:24 a.m., 2 views

SUSE CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7 CVSS, 5.7 AI score, 0.00197 EPSS
Exploits: 2, References: 6

OSV
added 2026/02/19 11:16 p.m., 4 views

DEBIAN-CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7 CVSS, 5.3 AI score, 0.00197 EPSS
Exploits: 2, References: 1

UbuntuCve
added 2026/02/19 11:16 p.m., 4 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7 CVSS, 5.8 AI score, 0.00197 EPSS
Exploits: 2, References: 4

AlpineLinux
added 2026/02/19 10:27 p.m., 6 views

CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7 CVSS, 5.5 AI score, 0.00197 EPSS
Exploits: 2, References: 3

OSV
added 2026/02/19 10:27 p.m., 4 views

CVE-2026-24122 Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that expires before the leaf certificate will be considered valid during verification even if the provided timestamp would mean the issuing certificate...

3.7 CVSS, 5.5 AI score, 0.00197 EPSS
Exploits: 2, References: 5

Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-20949

Name of the Vulnerable Software and Affected Versions: Cosign versions 3.0.4 and below. Description: Cosign is a tool that provides code signing and transparency for containers and binaries. A flaw in the certificate validation process allows expired intermediate Certificate Authorities to validate...

7.5 CVSS, 5.4 AI score, 0.00413 EPSS
Exploits: 4, References: 143

EUVD
added 2025/12/09 6:30 p.m., 1 views

EUVD-2025-201925

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...

3.3 CVSS, 6.2 AI score, 0.00089 EPSS
Exploits: 0, References: 2

OSV
added 2025/09/16 1:54 a.m., 2 views

GHSA-W252-645G-87MP Openfire has potential identity spoofing issue via unsafe CN parsing

Summary: Identity spoofing in X.509 client certificate authentication in Openfire allows internal attackers to impersonate other users via crafted certificate subject attributes, due to regex-based extraction of CN from an unescaped, provider-dependent DN string. Analysis: Openfire’s SASL EXTERNAL...

5.9 CVSS, 7.1 AI score, 0.0022 EPSS
Exploits: 0, References: 7

Github Security Blog
added 2025/09/16 1:54 a.m., 6 views

Openfire has potential identity spoofing issue via unsafe CN parsing

Summary: Identity spoofing in X.509 client certificate authentication in Openfire allows internal attackers to impersonate other users via crafted certificate subject attributes, due to regex-based extraction of CN from an unescaped, provider-dependent DN string. Analysis: Openfire’s SASL EXTERNAL...

5.9 CVSS, 7.1 AI score, 0.0022 EPSS
Exploits: 0, References: 7, Affected Software: 1

RedhatCVE
added 2025/09/05 4:22 a.m., 7 views

CVE-2025-9785

PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not...

7.7 CVSS, 7 AI score, 0.00106 EPSS
Exploits: 0, References: 1

AstraLinux
added 2025/06/16 11:28 a.m., 1 views

Astra Linux - vulnerability in easy-rsa

Weak encryption algorithm in Easy-RSA version 3.0.5 through 3.1.7 allows a local attacker to more easily bruteforce the private CA key when created using OpenSSL 3...

5.3 CVSS, 6.7 AI score, 0.00081 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2025/04/10 1:6 a.m., 1 views

golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints

A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has an IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this...

6.1 CVSS, 6.8 AI score, 0.00439 EPSS
Exploits: 0, References: 7

OSV
added 2025/01/28 2:15 a.m., 2 views

DEBIAN-CVE-2024-45341

A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...

6.1 CVSS, 6.2 AI score, 0.00439 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2025/01/20 3:52 a.m., 2 views

SUSE CVE-2024-45341

A certificate with a URI which has an IPv6 address with a zone ID may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI, so this only affects users of private PKIs which make use of URIs...

4.2 CVSS, 6.5 AI score, 0.00439 EPSS
Exploits: 0, References: 16

OSV
added 2022/07/14 1:15 p.m., 2 views

CVE-2022-28371

On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download...

7.5 CVSS, 5.8 AI score, 0.00488 EPSS
Exploits: 1, References: 2

CNVD
added 2020/04/15 12:0 a.m., 1 views

Git Input Validation Error Vulnerability (CNVD-2020-33648)

Git is a free, open source distributed version control system. An input validation error vulnerability exists in Git. An attacker could exploit this vulnerability to obtain a private certificate with the help of a specially crafted URL...

9.3 CVSS, 8.5 AI score, 0.10047 EPSS
Exploits: 2, References: 1