Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added yesterday3 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go golang. When verifying a certificate chain, excluded DNS Domain Name System constraints are not correctly applied to wildcard DNS Subject Alternative Names SANs if the case of the SAN differs from the constraint. This oversight could allow an...

8.8CVSS7AI score0.0034EPSS
Exploits0References8
OSV
OSV
added 2026/02/11 12:40 a.m.5 views

CLEANSTART-2026-IM73098 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the istio-pilot-discovery package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References5
OSV
OSV
added 2026/01/30 3:8 p.m.5 views

CLEANSTART-2026-TF52804 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the istio-pilot-discovery-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.00459EPSS
Exploits2References5
Amazon
Amazon
added 2026/01/07 12:0 a.m.8 views

Medium: runfinch-finch

Issue Overview: SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SSH servers parsing GSSAPI authentication requests do not validate the number...

7.5CVSS7.2AI score0.00533EPSS
Exploits2
Amazon
Amazon
added 2026/01/07 12:0 a.m.8 views

Medium: cni-plugins

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
Amazon
Amazon
added 2026/01/07 12:0 a.m.11 views

Medium: nerdctl

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
Amazon
Amazon
added 2026/01/05 12:0 a.m.6 views

Medium: oci-add-hooks

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.9AI score0.00459EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.9 views

Amazon Linux 2 : runc, --advisory ALAS2DOCKER-2025-088 (ALASDOCKER-2025-088)

The version of runc installed on the remote host is prior to 1.3.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2025-088 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.6 views

Amazon Linux 2 : runc, --advisory ALAS2NITRO-ENCLAVES-2025-081 (ALASNITRO-ENCLAVES-2025-081)

The version of runc installed on the remote host is prior to 1.3.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2025-081 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References6
OSV
OSV
added 2025/12/30 12:16 p.m.9 views

OESA-2025-2867 golang security update

. Security Fixes: crypto/x509: Exclude subdomain constraints do not restrict wildcard SANs Exclude subdomain constraints in certificate chains do not restrict the use of wildcard SANs in leaf certificates. For example, excluding the constraint on the subdomain test.example.com does not prevent th...

7.5CVSS6.7AI score0.00459EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2025/12/18 12:0 a.m.7 views

TencentOS Server 4: golang (TSSA-2025:0958)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0958 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7.7AI score0.00459EPSS
Exploits2References3
OSV
OSV
added 2025/12/15 8:15 p.m.8 views

GO-2025-4224 OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs in github.com/opentofu/opentofu

OpenTofu incorrectly validates excluded subdomain constraint in conjunction with TLS certificates containing wildcard SANs in github.com/opentofu/opentofu...

6.5CVSS6.8AI score0.00274EPSS
Exploits0References4
Rows per page
Query Builder