
15 matches found

Positive Technologies
added 2026/06/25 12:0 a.m., 9 views

PT-2026-52562

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: Certificates containing wildcard DNS Subject Alternative Names (SANs), such as *.example.com, bypass name-constraint checks performed by the Certificate Authority C...

CVSS 6.3, AI score 5.8, EPSS 0.00124
Exploits 0, References 6
RedHat Linux
added 2026/05/19 4:12 p.m., 22 views

crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application

A flaw was found in the crypto/x509 package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an...

CVSS 8.8, AI score 7.2, EPSS 0.0034
Exploits 0, References 8
RedhatCVE
added 2026/04/13 11:33 a.m., 5 views

CVE-2026-33810

A flaw was found in the crypto/x509 package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an...

CVSS 8.8, AI score 5.8, EPSS 0.0034
Exploits 0, References 7
OSV
added 2026/04/10 11:26 a.m., 3 views

SUSE-SU-2026:21165-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues:
- CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876
- CVE-2026-26007: missing validation can lead to security issues for signature verification ECDSA and shared key negotiati...

CVSS 8.2, AI score 5.8, EPSS 0.00341
Exploits 0, References 5
OSV
added 2026/04/08 2:16 a.m., 3 views

DEBIAN-CVE-2026-33810

When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the...

CVSS 8.2, AI score 5.3, EPSS 0.0034
Exploits 0, References 1
Positive Technologies
added 2026/04/07 12:0 a.m., 7 views

PT-2026-31068

Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: When verifying a certificate chain with excluded DNS constraints, these constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) that differ in case. This impacts the validation of...

CVSS 9.8, AI score 5.8, EPSS 0.0034
Exploits 0
OSV
added 2026/01/30 3:17 p.m., 11 views

CLEANSTART-2026-TS12850 excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate

Multiple security vulnerabilities affect the helm-operator-fips package. An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. See references for individual vulnerability details...

CVSS 9.8, AI score 5.5, EPSS 0.00459
Exploits 2, References 8
Tenable Nessus
added 2026/01/08 12:0 a.m., 12 views

Amazon Linux 2023 : amazon-ecr-credential-helper (ALAS2023-2025-1327)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1327 advisory. crypto/x509: excluded subdomain constraint does not restrict wildcard SANs An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf...

CVSS 7.5, AI score 7.7, EPSS 0.00585
Exploits 3, References 8
OSV
added 2025/12/13 4:45 a.m., 3 views

MGASA-2025-0326 Updated golang packages fix security vulnerabilities

Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509. CVE-2025-61727 Excessive resource consumption when printing error string for host certificate validation in crypto/x509. CVE-2025-61729...

CVSS 7.5, AI score 6.8, EPSS 0.00459
Exploits 2, References 3
OSV
added 2025/12/03 8:16 p.m., 7 views

AZL-71635 CVE-2025-61727 affecting package msft-golang 1.24.13-1

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com...

CVSS 6.5, AI score 6.7, EPSS 0.00274
Exploits 0, References 1
OSV
added 2025/12/03 8:16 p.m., 4 views

UBUNTU-CVE-2025-61727

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com...

CVSS 6.5, AI score 6.7, EPSS 0.00274
Exploits 0, References 4
Cvelist
added 2025/12/03 7:37 p.m., 11 views

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com...

EPSS 0.00274
Exploits 0, References 4
CNNVD
added 2025/12/03 12:0 a.m., 5 views

Google Go Security Vulnerability

Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from a subdomain constraint excluded from the crypto/x509 certificate chain that does not restrict the use of the...

CVSS 6.5, AI score 6.3, EPSS 0.00274
Exploits 0, References 5
CNVD
added 2016/06/01 12:0 a.m., 4 views

Red Hat Software Collections Python Certificate Acquisition Vulnerability

Red Hat Software Collections is a suite of dynamic languages, open source databases, and web development tools from Red Hat. Python is a set of open source, object-oriented programming languages from the Python Software Foundation that is extensible, supports modules and packages, and supports...

CVSS 5.9, AI score 6.3, EPSS 0.01944
Exploits 0, References 1
OSV
added 2014/04/26 1:55 a.m., 3 views

UBUNTU-CVE-2014-0350

The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate...

CVSS 6.4, AI score 5.8, EPSS 0.01218
Exploits 0, References 4