Lucene search
+L

1754 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS6.8AI score0.00606EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday6 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7AI score0.00459EPSS
Exploits2References8
OSV
OSV
added 2 days ago4 views

RLSA-2026:39573 Important: yggdrasil security update

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fixes: net: golang: Go net package: Denial of Service vi...

8.2CVSS6.5AI score0.00939EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2 days ago4 views

go-toolset:rhel8 security, bug fix, and enhancement update

An update is available for delve, module.delve, module.golang, golang. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Go Toolset provides the Go programming...

9.6CVSS6.5AI score0.00939EPSS
Exploits0
NVD
NVD
added 3 days ago4 views

CVE-2026-45063

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS0.00323EPSS
Exploits0References6
OSV
OSV
added 3 days ago3 views

CVE-2026-45063 Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00323EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension...

9.1CVSS6.2AI score0.00222EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

DEBIAN-CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS6.2AI score0.00222EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

DEBIAN-CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS0.00212EPSS
Exploits0References2
OSV
OSV
added 4 days ago5 views

UBUNTU-CVE-2026-58101

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

UBUNTU-CVE-2026-58102

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS6.2AI score0.00222EPSS
Exploits0References3
CVE
CVE
added 4 days ago14 views

CVE-2026-58102

Summary of CVE-2026-58102 : Crypt::OpenSSL::X509 (Perl) versions before 2.1.3 are affected by a heap out-of-bounds read when processing long certificate extension OIDs in hv_exts. The vulnerability arises while building the extension hash through extensions(), extensions_by_long_name(), extension...

9.1CVSS6.2AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 4 days ago4 views

CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

9.1CVSS6.2AI score0.00222EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-58102 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hv_exts

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow a heap out-of-bounds read via a long certificate extension OID in hvexts. When building the extension hash via extensions, extensionsbylongname, extensionsbyoid, or hasextensionoid, the code passes OBJobj2txt's return value as the hash-key...

0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-58101 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

0.00212EPSS
Exploits0References2
CVE
CVE
added 4 days ago13 views

CVE-2026-58101

CVE-2026-58101 affects Crypt::OpenSSL::X509 before 2.1.3 for Perl. The issue arises when X509V3_EXT_d2i(ext) returns NULL if an extension fails to parse, yet basicC, ia5string, and auth_att dereference the result without a NULL check, and keyid_data dereferences akid->keyid even when the AKI s...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-58101 Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference

Crypt::OpenSSL::X509 versions before 2.1.3 for Perl allow denial of service via NULL pointer dereference. X509V3EXTd2iext returns NULL when an extension's DER value fails to parse. basicC, ia5string, and authatt dereference its result without a NULL check. keyiddata also dereferences akid-keyid,...

7.5CVSS6.1AI score0.00212EPSS
Exploits0References6
Rows per page
Query Builder