UBUNTU-CVE-2026-9648
The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose Subject Alternative Names fall outside the issuing CA’s permitted subtrees. This oversight enables an attacker who compromises a name-constrained sub-CA to...
CVE-2026-9648
CVE-2026-9648 affects the crypton-x509-validation (and related crypton-x509) libraries used in Haskell TLS stacks. The root cause is the failure to enforce X.509 NameConstraints, allowing a TLS client to accept SANs outside the issuing sub-CA’s permitted subtrees. This enables an attacker who...
Erlang/OTP -- TLS hostname verification bypass via Subject CommonName fallback and name constraints
https://github.com/erlang/otp/security/advisories/GHSA-22cw-4ph4-6447 reports: Erlang/OTP's TLS hostname verification implements a legacy RFC 6125 fallback that checks the Subject CommonName when the Subject Alternative Name (SAN) extension is absent, rather than following RFC 9525 which requires...
DEBIAN-CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
CVE-2026-5263
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL woul...
CVE-2026-23250
CVE-2026-23250 is a Linux kernel vulnerability in the XFS code path. The issue arises from not checking the return value of xchk_scrub_create_subord, which could return a mangled ENOMEM value on allocation failure. The fix updates xchk_scrub_create_subord to return NULL on allocation failure and adjusts callers to...
CVE-2026-23250 xfs: check return value of xchk_scrub_create_subord
In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk_scrub_create_subord Fix this function to return NULL instead of a mangled ENOMEM, then fix the callers to actually check for a null pointer and return ENOMEM. Most of the corrections here are for code...
MiracleLinux 9 : shadow-utils-4.9-15.el9 (AXSA:2025-11140:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11140:02 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding descriptio...
shadow-utils security update
An update is available for shadow-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The shadow-utils packages include programs for converting UNIX password...
RLSA-2025:20145 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 For...
AlmaLinux 10 : shadow-utils (ALSA-2025:20145)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20145 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description blo...
RockyLinux 9 : shadow-utils (RLSA-2025:20559)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:20559 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description blo...
shadow-utils security update
An update is available for shadow-utils. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The shadow-utils packages include programs for converting UNIX password...
RLSA-2025:20559 Low: shadow-utils security update
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fixes: shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 For...
AlmaLinux 9 : shadow-utils (ALSA-2025:20559)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20559 advisory. shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise CVE-2024-56433 Tenable has extracted the preceding description bloc...
shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise
A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to accou...
Low: Red Hat Security Advisory: shadow-utils security update
An update for shadow-utils is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...