Lucene search
K

65 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/25 7:40 p.m.5 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:56 a.m.11 views

Security Bulletin: There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-6860)

Summary There is a vulnerability in vertx-core-4.5.24.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-6860 DESCRIPTION: A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepte...

6.9CVSS5.8AI score0.00238EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 2:27 a.m.6 views

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References1
NVD
NVD
added 2026/05/06 10:16 a.m.14 views

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS0.00238EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/06 9:55 a.m.33 views

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS0.00238EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/06 9:55 a.m.6 views

EUVD-2026-27655

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/06 9:55 a.m.5 views

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 9:55 a.m.6 views

CVE-2026-6860

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting .example.com, any XYZ.example.com where xyz is a valid name can be used...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/06 9:55 a.m.31 views

CVE-2026-6860

CVE-2026-6860 describes a TLS SNI handling weakness where a TCP client can present an SNI that matches a server wildcard certificate (e.g., *.example.com) and be accepted by the server, allowing any XYZ.example.com under the wildcard to be used. The CVSS 4.0 vector yields a NETWORK, LOW complexit...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-37437

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name. For example, if the...

6.9CVSS5.8AI score0.00238EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/03/31 10:45 p.m.3 views

CVE-2026-34073

A flaw was found in the cryptography library. This vulnerability occurs because DNS Domain Name System name constraints were not properly validated against the "peer name" during certificate validation, only against Subject Alternative Names SANs within child certificates. This oversight could...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/03/31 3:15 a.m.11 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:15 a.m.4 views

ALPINE-CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

5.3CVSS5.7AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:15 a.m.4 views

UBUNTU-CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.7AI score0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 2:4 a.m.2 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/31 2:4 a.m.5 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS4.5AI score0.00154EPSS
Exploits0
OSV
OSV
added 2026/02/25 12:49 a.m.4 views

CLEANSTART-2026-IG94553 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the helm-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00626EPSS
Exploits2References21
OSV
OSV
added 2026/01/30 3:43 p.m.2 views

CLEANSTART-2026-BQ46815 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the consul-k8s-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00724EPSS
Exploits2References12
Amazon
Amazon
added 2026/01/07 12:0 a.m.8 views

Medium: ecs-init

Issue Overview: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not...

7.5CVSS6.8AI score0.00459EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2026/01/05 12:0 a.m.9 views

Amazon Linux 2 : ecs-init, --advisory ALAS2ECS-2025-088 (ALASECS-2025-088)

The version of ecs-init installed on the remote host is prior to 1.101.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2ECS-2025-088 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a...

7.5CVSS7.7AI score0.00459EPSS
Exploits2References6
Rows per page
Query Builder