Lucene search
K

2077 matches found

OSV
OSV
added 2026/03/19 12:0 p.m.4 views

RUSTSEC-2026-0048 CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...

7.4CVSS5.8AI score0.00252EPSS
Exploits0References4
OSV
OSV
added 2026/03/19 12:0 p.m.5 views

RUSTSEC-2026-0042 CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...

7.4CVSS5.9AI score0.00252EPSS
Exploits0References4
RustSec
RustSec
added 2026/03/19 12:0 p.m.7 views

CRL Distribution Point Scope Check Logic Error in AWS-LC

A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs with Issuing Distribution Point IDP extensions. Customers of AWS services do not...

9.1CVSS5.9AI score0.00252EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.11 views

AWS libcrypto 安全漏洞

AWS libcrypto is a general-purpose encryption library open sourced by Amazon Web Services. Prior to version 1.71.0 of AWS libcrypto, there was a security vulnerability. This vulnerability stemmed from a logical error in the CRL distribution point validation process, which incorrectly rejected CRL...

9.1CVSS5.8AI score0.00252EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26369

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CRL distribution point matching in AWS-LC allows a revoked certificate to bypass revocation checks during certificate validation, when the application enables CRL checking and uses partitioned CRLs wi...

9.1CVSS5.9AI score0.00252EPSS
Exploits0References16
EUVD
EUVD
added 2026/03/17 9:31 a.m.5 views

EUVD-2026-12544

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2026/03/17 7:16 a.m.4 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

4.3CVSS0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/17 6:37 a.m.3 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:37 a.m.1 views

CVE-2026-3237

In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this...

2.3CVSS5.8AI score0.00152EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/17 6:37 a.m.15 views

CVE-2026-3237

Octopus Server contains an API endpoint with insufficient permission validation that allows a low-privileged user to manipulate signing key expiration and revocation time frames. Keys are not exposed by this issue. The provided documents confirm the vulnerability description but do not specify af...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.5 views

Octopus Server 安全漏洞

Octopus Server is a deployment automation and release management tool provided by the Australian company Octopus, designed for continuous delivery. There is a security vulnerability in Octopus Server, which stems from incorrect permission validation for API endpoints. This vulnerability could all...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/16 8:24 p.m.22 views

CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS0.00203EPSS
Exploits0References1
CVE
CVE
added 2026/03/16 8:24 p.m.23 views

CVE-2026-1629

Mattermost CVE-2026-1629 affects Mattermost 10.11.x up to 10.11.10. The issue arises from not invalidating cached permalink preview data when a user loses channel access, allowing continued viewing of private channel content via previously cached previews until cache reset or relogin. The CVSSv3....

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 8:24 p.m.2 views

CVE-2026-1629 Permalink Preview Information Disclosure After Permission Revocation

Mattermost versions 10.11.x = 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-0058...

4.3CVSS5.8AI score0.00203EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/03/16 12:0 a.m.1 views

Botan C++ Crypto Algorithms Library 3.11.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/14 12:33 a.m.5 views

MGASA-2026-0056 Updated tomcat packages fix security vulnerabilities

Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...

9.1CVSS5.8AI score0.00498EPSS
Exploits0References3
Mageia
Mageia
added 2026/03/14 12:33 a.m.6 views

Updated tomcat packages fix security vulnerabilities

Client certificate verification bypass due to virtual host mapping. CVE-2025-66614 Security constraint bypass with HTTP/0.9. CVE-2026-24733 OCSP revocation bypass. CVE-2026-24734...

9.1CVSS7.6AI score0.00498EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/14 12:0 a.m.5 views

Security update for tomcat (important)

openSUSE security update: security update for tomcat ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20350-1 Rating: important References: bsc1253460 bsc1258371 bsc1258385 bsc1258387 Cross-References: CVE-2025-66614 CVE-2026-24733 CVE-2026-24734 CVS...

8.7CVSS5.7AI score0.00498EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/13 8:57 a.m.5 views

Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. CVE-2026-24734: certificate revocation bypass du...

8.7CVSS5.7AI score0.00498EPSS
Exploits0References12
OSV
OSV
added 2026/03/13 8:57 a.m.4 views

SUSE-SU-2026:0890-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation...

9.1CVSS5.6AI score0.00498EPSS
Exploits0References7
Rows per page
Query Builder