Lucene search
K

63 matches found

RedHat Linux
RedHat Linux
added 5 days ago5 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS5.8AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.6 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7.1AI score0.0034EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/20 5:1 p.m.11 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References8
Hacker One
Hacker One
added 2026/05/14 10:35 a.m.38 views

curl: Trailing-dot IPv4 URL bypasses IP-address guard, allows wildcard DNS SAN match

Hi all, Sorry to ruin anybody's day, but we've discovered another issue when it comes to dots. We've found a TLS certificate verification bypass that lets a trailing-dot IPv4 URL -- https://127.0.0.1./ -- pass peer authentication against a wildcard DNS SAN certificate such as DNS:.0.0.1. The IP...

4.3CVSS5.9AI score0.01118EPSS
Exploits1
OSV
OSV
added 2026/04/15 12:45 a.m.5 views

CLEANSTART-2026-FB07695 When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint

Multiple security vulnerabilities affect the velero-fips package. When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. See references for individual vulnerability...

9.8CVSS6.8AI score0.01945EPSS
Exploits6References42
OSV
OSV
added 2026/04/14 7:57 a.m.6 views

SUSE-SU-2026:21126-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.4 views

PT-2026-32425

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

7.5CVSS5.8AI score0.0034EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.3 views

SUSE CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

5.9CVSS5.8AI score0.0034EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 10:48 a.m.7 views

Security Bulletin: Certificate Name Constraints Bypass via Wildcard SANs affects watsonx.data

Summary Improper enforcement of certificate name constraints allows wildcard SANs e.g., .example.com to bypass excluded subdomain restrictions e.g., test.example.com, potentially enabling unauthorized certificate usage.This can affect watsonx.data. Vulnerability Details CVEID:CVE-2025-61727...

7.5CVSS7AI score0.00459EPSS
Exploits2Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/08 2:16 a.m.4 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.2CVSS5.9AI score0.0034EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/08 1:6 a.m.4 views

EUVD-2026-20024

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

5.9AI score0.0034EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/04/08 1:6 a.m.9 views

CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

8.8CVSS5.8AI score0.0034EPSS
Exploits0
OSV
OSV
added 2026/02/25 12:50 a.m.4 views

CLEANSTART-2026-VZ85637 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the helm-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00626EPSS
Exploits2References21
OSV
OSV
added 2026/01/30 3:30 p.m.4 views

CLEANSTART-2026-UR80185 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the helm-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00626EPSS
Exploits2References21
OSV
OSV
added 2026/01/30 3:24 p.m.6 views

CLEANSTART-2026-HX78047 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the helm-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00626EPSS
Exploits2References21
OSV
OSV
added 2026/01/30 3:22 p.m.5 views

CLEANSTART-2026-GS02052 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the helm-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00626EPSS
Exploits2References21
OSV
OSV
added 2026/01/30 3:8 p.m.6 views

CLEANSTART-2026-BL06950 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References5
OSV
OSV
added 2026/01/30 3:3 p.m.7 views

CLEANSTART-2026-LP38773 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References7
OSV
OSV
added 2026/01/30 3:3 p.m.10 views

CLEANSTART-2026-VL83369 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the kube-state-metrics-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References9
OSV
OSV
added 2026/01/30 2:51 p.m.6 views

CLEANSTART-2026-IA26094 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-operator-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References7
Rows per page
Query Builder