Lucene search
K

30 matches found

Veracode
Veracode
added 2026/05/03 4:52 p.m.12 views

Improper Certificate Validation

Caddy is vulnerable to Improper Certificate Validation. The vulnerability is due to swallowed errors in ClientAuthentication.provision, where failures loading trustedcacertfile or trustedcacertspemfiles are ignored, causing mTLS authentication to fail open and accept any client certificate signed...

9.3CVSS5.8AI score0.00267EPSS
Exploits1References6Affected Software2
RedhatCVE
RedhatCVE
added 2026/03/25 9:31 p.m.5 views

CVE-2026-33248

A flaw was found in NATS-Server, a high-performance messaging system. When configured to use mutual Transport Layer Security mTLS for client identity, and specifically the verifyandmap feature, certain patterns within a client certificate's Subject Distinguished Name DN were not correctly enforce...

4.8CVSS5.6AI score0.00143EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2026/03/25 8:18 p.m.7 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0
OSV
OSV
added 2026/03/25 8:18 p.m.7 views

CVE-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS5.8AI score0.00143EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/03/25 8:18 p.m.9 views

CVE-2026-33248

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...

4.2CVSS6.1AI score0.00143EPSS
Exploits0
Snyk
Snyk
added 2026/02/06 8:5 p.m.6 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to use of P256 certificates. An attacker can evade blocklist enforcement by exploiting ECDSA signature malleability to generate a certificate with a different fingerprint, allowing us...

8.1CVSS5.7AI score0.00133EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/06 8:5 p.m.11 views

Blocklist Bypass possible via ECDSA Signature Malleability

Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...

8.1CVSS5.7AI score0.00133EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/02/06 8:5 p.m.10 views

GHSA-69X3-G4R3-P962 Blocklist Bypass possible via ECDSA Signature Malleability

Impact When using P256 certificates which is not the default configuration, it is possible to evade a blocklist entry created against the fingerprint of a certificate by using ECDSA Signature Malleability to use a copy of the certificate with a different fingerprint. In order for this to affect a...

7.6CVSS5.7AI score0.00133EPSS
Exploits0References4
Veracode
Veracode
added 2026/01/06 8:34 a.m.10 views

Improper Authentication

Elasticsearch is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of client certificates in the PKI realm, which allows an attacker with a specially crafted certificate signed by a trusted CA to impersonate other users...

7.4CVSS6.5AI score0.0016EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 8:7 a.m.6 views

CVE-2025-37731

A flaw was found in Elasticsearch. This vulnerability allows user impersonation via specially crafted client certificates signed by a legitimate, trusted Certificate Authority CA. Mitigation To reduce the risk of exploitation, ensure that the Certificate Authority CA used for the Elasticsearch PK...

7.4CVSS6.4AI score0.0016EPSS
Exploits0References4
Snyk
Snyk
added 2025/12/15 11:39 a.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority. Note: This is only exploitable if the attacker...

7.6CVSS6.8AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/15 11:39 a.m.4 views

Improper Certificate Validation

Overview org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates...

7.6CVSS6.5AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2025/12/15 11:15 a.m.8 views

UBUNTU-CVE-2025-37731

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

7.4CVSS5.8AI score0.0016EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/15 10:42 a.m.8 views

EUVD-2025-203360

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

6.8CVSS6.3AI score0.0016EPSS
Exploits0References2
OSV
OSV
added 2025/12/15 10:42 a.m.4 views

CVE-2025-37731 Elasticsearch Improper Authentication

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

6.8CVSS6AI score0.0016EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.5 views

PT-2025-51212

Name of the Vulnerable Software and Affected Versions Elasticsearch affected versions not specified Description A flaw exists in the PKI realm authentication process within Elasticsearch. This issue allows a malicious actor to impersonate users by presenting a specially crafted client certificate...

7.4CVSS6.5AI score0.0016EPSS
Exploits0References13
Snyk
Snyk
added 2025/11/07 7:44 p.m.3 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the virt-api component failing to validate the CN field in client TLS certificates against allowed values in the extension-apiserver-authentication configmap. An attacker can...

6.5CVSS5.4AI score0.00139EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2025/07/18 10:15 p.m.5 views

CVE-2025-7395

A certificate verification error in wolfSSL when building with the WOLFSSLSYSCACERTS and WOLFSSLAPPLENATIVECERTVALIDATION options results in the wolfSSL client failing to properly verify the server certificate's domain name, allowing any certificate issued by a trusted CA to be accepted regardles...

9.2CVSS7.2AI score0.00222EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/18 12:0 a.m.5 views

wolfSSL(CyaSSL) 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for use by embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL CyaSSL that stems from a certificate validation error that could cause a client to accept a certificate...

9.2CVSS6.5AI score0.00222EPSS
Exploits0References2
Citrix
Citrix
added 2024/12/07 12:0 a.m.10 views

PVS Server Down In Console After Upgrade to 2402CU1

After upgrading the first PVS Server in the FARM to 2402 CU1 and running the Configuration Wizard the PVS Server appears down in the console. The Configuration Wizard completes with errors. The following is one example found in the AOT logs:...

7.8AI score
Exploits0
Rows per page
Query Builder