Lucene search

17 matches found

RedHat Linux
added 2026/06/11 1:24 p.m. · 7 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability...

5.3 CVSS · 5.5 AI score · 0.00262 EPSS
Exploits 0 · References 4

Vulnrichment
added 2026/06/09 4:3 p.m. · 6 views

CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation ineffectual, which could lead to escalation of credentials from the Registration Authority (RA) level to t...

5.7 AI score · 0.00262 EPSS
Exploits 0 · References 5

NVD
added 2026/04/08 2:16 a.m. · 4 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8 CVSS · 0.0034 EPSS
Exploits 0 · References 39

OSV
added 2026/04/08 2:16 a.m. · 7 views

UBUNTU-CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8 CVSS · 5.8 AI score · 0.0034 EPSS
Exploits 0 · References 6

Vulnrichment
added 2026/04/08 1:6 a.m. · 3 views

CVE-2026-32281 Inefficient policy validation in crypto/x509

Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

5.8 AI score · 0.00349 EPSS
Exploits 0 · References 4

CVE
added 2026/04/08 1:6 a.m. · 118 views

CVE-2026-32281

CVE-2026-32281: In Go, policy validation for X.509 certificate chains can be inefficient when many policy mappings are present, potentially enabling a denial-of-service on validation of otherwise trusted chains. The OpenSUSE advisories note fixes in Go updates: go1.25.9 and go1.26.2, with SUSE p...

7.5 CVSS · 5.9 AI score · 0.00349 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2026/02/14 11:42 p.m. · 8 views

CLSA-2026-1771112524 Update of alt-php

Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...

5.8 AI score
Exploits 0 · References 1

RedHat Linux
added 2023/11/14 3:32 p.m. · 6 views

qt: allows remote attacker to bypass security restrictions caused by flaw in certificate validation

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate...

5.3 CVSS · 7.4 AI score · 0.00732 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/06/04 12:0 a.m. · 4 views

PT-2023-3489 · Qt Company +8 · Qt +8

Name of the Vulnerable Software and Affected Versions: Qt versions prior to 5.15.15; Qt versions 6.x prior to 6.2.9; Qt versions 6.3.x through 6.5.x prior to 6.5.2. Description: The issue is related to errors in the certificate authentication procedure, which can allow a remote attacker to bypass...

9.8 CVSS · 6.8 AI score · 0.01343 EPSS
Exploits 3 · References 200

Schneier on Security
added 2022/11/10 3:18 p.m. · 10 views

An Untrustworthy TLS Certificate in Browsers

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google's Chrome, Apple's Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what's known as a root certificate authority, a powerful spot in the internet's...

2.8 AI score
Exploits 0

CNNVD
added 2021/01/15 12:0 a.m. · 4 views

Ericsson Erlang Trust Management Issue Vulnerability

Ericsson Erlang is a general-purpose concurrency-oriented programming language from Ericsson, Sweden. A trust management issue vulnerability exists in Ericsson Erlang/OTP before 23.2.2, which arises when an application accepts an invalid X.509 certificate chain and trusts it to a trusted root...

7.5 CVSS · 7.1 AI score · 0.01153 EPSS
Exploits 0 · References 7

OSV
added 2020/01/18 12:15 a.m. · 2 views

CVE-2019-19696

A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to...

5.5 CVSS · 5.8 AI score · 0.00472 EPSS
Exploits 0 · References 4

Citrix
added 2018/06/19 12:0 a.m. · 8 views

XenMobile: How to migrate the Cert Based Auth from existing CA to a new PKI-Infrastructure (With a new Root CA and Issuing CA)?

Existing working two-factor-authentication for XenMobile using cert based auth as the second factor are XenMobile-certificates that are issued by a Windows Enterprise Root CA. This Root CA will be decommissioned and replaced by a new Windows Enterprise Issuing CA that is signed by a new Root CA...

7 AI score
Exploits 0

CERT
added 2015/04/20 12:0 a.m. · 14 views

NetNanny uses a shared private key and root CA

Overview: NetNanny uses a shared private key and root Certificate Authority (CA), making systems broadly vulnerable to HTTPS spoofing. Description: NetNanny installs a Man-in-the-Middle (MITM) proxy as well as a new trusted root CA certificate. The certificate used by NetNanny is shared among all...

6.8 AI score
Exploits 0 · References 2

CNVD
added 2015/02/28 12:0 a.m. · 5 views

Komodia SDK for Komodia Redirector with SSL Digestor Information Disclosure Vulnerability

Komodia SDK for Komodia Redirector with SSL Digestor is a suite of redirection platform tools for executing data using SSL encryption and dynamic SSL decryption from Komodia, Israel. An information disclosure vulnerability exists in Komodia SDK for Komodia Redirector with SSL Digestor, which aris...

5 CVSS · 6.4 AI score · 0.02775 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2011/09/07 12:0 a.m. · 21 views

Fedora 14 : ca-certificates-2011.78-1.fc14 (2011-11951)

This update includes the latest updates to the root Certificate Authority list from Mozilla. It was found that a Certificate Authority (CA) issued fraudulent HTTPS certificates. This update removes that CA's root certificate from the ca-certificates package, rendering any HTTPS certificates signed ...

5.4 AI score
Exploits 0 · References 2

Tenable Nessus
added 2010/11/05 12:0 a.m. · 38 views

SuSE 10 Security Update : Mozilla (ZYPP Patch Number 7196)

The Mozilla NSS Library was updated to version 3.12.8 and the Mozilla NSPR Library was updated to 4.8.6 to fix various bugs and one security issue: - Disallow wildcard matching in X509 certificate Common Names. (CVE-2010-3170) This update also has preparations for Firefox 4 support, and an updated...

4.3 CVSS · 8.3 AI score · 0.01096 EPSS
Exploits 0 · References 2