38 matches found
S2OPC OPC UA Toolkit 安全漏洞
S2OPC OPC UA Toolkit is an open-source development toolkit for OPC UA communication, developed by Systerel. The S2OPC OPC UA Toolkit contains a security vulnerability. This vulnerability stems from the CycloneCrypto encryption wrapper, where certificate revocation checks only consider the first...
Important: docker
Issue Overview: The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated client...
Important: containerd
Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...
Important: containerd
Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...
Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-109 (ALASNITRO-ENCLAVES-2026-109)
The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-109 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused...
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1784)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1784 advisory. An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected...
CVE-2026-42508
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority CA. A remote attacker could potentially exploit this by presenting a revoked key, leading t...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42508)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42508 advisory. - Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocatio...
Apache Tomcat: Apache Tomcat: Authentication bypass via client certificate misconfiguration
A flaw was found in Apache Tomcat where OCSP-based certificate validation may incorrectly soft-fail during CLIENTCERT authentication, even when soft-fail is disabled, under certain FFM-related execution paths. This can result in client certificates being accepted despite failed or unverifiable...
LDAP Injection
Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...
CVE-2026-4428
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...
EUVD-2026-13237
A logic error in CRL distribution point validation in AWS-LC before 1.71.0 causes partitioned CRLs to be incorrectly rejected as out of scope, which allows a revoked certificate to bypass certificate revocation checks. To remediate this issue, users should upgrade to AWS-LC 1.71.0 or...
RUSTSEC-2026-0042 CRL Distribution Point Scope Check Logic Error in AWS-LC
A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...
CRL Distribution Point Scope Check Logic Error in AWS-LC
A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...
PT-2026-26369
Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs wi...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...
EUVD-2013-5030
Malware in sbrugna...
EUVD-2013-0014
Malware in sbrugna...
BIT-MONGODB-2025-3085 MongoDB Server running on Linux may allow unexpected connections where intermediate certificates are revoked
A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to...
GHSA-P78H-M8PV-G9GM Apereo CAS vulnerable to credential leaks for LDAP authentication
Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “sslclientcert”. When checking the validity o...