Lucene search
K

90 matches found

F5 Networks
F5 Networks
added 2026/06/29 3:39 p.m.7 views

K000161963: Golang vulnerability CVE-2025-61727

Security Advisory Description An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example . com does not prevent a leaf certificate from claiming the SAN .example.co...

6.5CVSS6.7AI score0.00274EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2026/06/25 7:40 p.m.5 views

EUVD-2026-39549

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score0.00124EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in vsftpd

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers that implement different protocols but use compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker, who has access to the victim’s traffic at the TCP/IP layer, can redirect...

7.4CVSS7AI score0.02037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: golang (UTSA-2026-016811)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016811 advisory. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes...

6.5CVSS7.2AI score0.00274EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 9:17 p.m.18 views

GHSA-XGP8-3HG3-C2MH webpki: Name constraints were accepted for certificates asserting a wildcard name

Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, .example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very simila...

2.2CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 9:17 p.m.6 views

webpki: Name constraints were accepted for certificates asserting a wildcard name

Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, .example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very simila...

6.5CVSS6.7AI score0.00274EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/14 12:0 p.m.5 views

RUSTSEC-2026-0099 Name constraints were accepted for certificates asserting a wildcard name

Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, .example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very simila...

5.8AI score
Exploits0References2
RustSec
RustSec
added 2026/04/14 12:0 p.m.13 views

Name constraints were accepted for certificates asserting a wildcard name

Permitted subtree name constraints for DNS names were accepted for certificates asserting a wildcard name. This was incorrect because, given a name constraint of accept.example.com, .example.com could feasibly allow a name of reject.example.com which is outside the constraint. This is very simila...

6.5CVSS6.5AI score0.00274EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/04/10 11:27 a.m.6 views

OPENSUSE-SU-2026:20506-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876 - CVE-2026-26007: missing validation can lead to security issues for signature verification ECDSA and shared key negotiati...

8.2CVSS7.2AI score0.00341EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the incorrect application of DNS constraints during certificate chain verification...

8.2CVSS7.3AI score0.0034EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 3:15 a.m.9 views

PYSEC-2026-35

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

5.3CVSS5.7AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 3:15 a.m.3 views

DEBIAN-CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

5.3CVSS4.6AI score0.00154EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/31 3:15 a.m.5 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.7AI score0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 2:4 a.m.8 views

CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/03/31 2:4 a.m.2 views

CVE-2026-34073

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography...

6.3CVSS5.8AI score0.00154EPSS
Exploits0
OSV
OSV
added 2026/03/27 7:56 p.m.9 views

GHSA-M959-CC7F-WV43 cryptography has incomplete DNS name constraint enforcement on peer names

Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf...

6.3CVSS6.8AI score0.00154EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/27 7:56 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation through the NameChain DNS verification logic in src/rust/cryptography-x509-verification. An attacker can make a peer name, such as bar.example.com, validate against a wildcard leaf certificate like...

6.3CVSS5.9AI score0.00154EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.3 views

PT-2026-28601

Name of the Vulnerable Software and Affected Versions cryptography versions prior to 46.0.5 Description Versions of cryptography before 46.0.5 had a flaw in how DNS name constraints were validated. The validation only checked against Subject Alternative Names SANs in child certificates, not the...

6.3CVSS5.8AI score0.00154EPSS
Exploits0References286
OSV
OSV
added 2026/02/27 12:43 a.m.7 views

CLEANSTART-2026-XZ04425 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the prometheus-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00459EPSS
Exploits2References5
OSV
OSV
added 2026/02/18 12:37 a.m.9 views

CLEANSTART-2026-AT88149 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the mongodb package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

9.8CVSS5.6AI score0.83007EPSS
Exploits39References7
Rows per page
Query Builder