Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-6731

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name...

7.5CVSS6AI score0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:8 p.m.15 views

CVE-2026-6731

CVE-2026-6731 describes an X.509 name constraint bypass where the Subject CN is treated as a DNS-type name, allowing a certificate to pass DNS constraints if the CN violates them. Public sources (NVD and related feeds) reference this bypass and provide CVSS metrics (v3.1: 7.5, Network, High impac...

7.5CVSS5.8AI score0.00124EPSS
Exploits0References2Affected Software1
SUSE Linux
SUSE Linux
added 2026/05/08 8:58 a.m.8 views

Security update for strongswan

This update for strongswan fixes the following issues: CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. CVE-2026-35331: acceptance of certificates violating X.509 name constrain...

9.2CVSS5.8AI score
Exploits6References24
OSV
OSV
added 2026/05/08 8:58 a.m.6 views

SUSE-SU-2026:1762-1 Security update for strongswan

This update for strongswan fixes the following issues: - CVE-2026-35329: NULL pointer dereference when processing padding in PKCS7 bsc1261717. - CVE-2026-35330: integer underflow when handling EAP-SIM/AKA attributes bsc1261705. - CVE-2026-35331: acceptance of certificates violating X.509 name...

5.8AI score
Exploits6References13
OSV
OSV
added 2026/04/27 11:41 a.m.12 views

USN-8196-2 strongswan vulnerabilities

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supportedversions extension in TLS. A remote attacker could possibly use this issue to cau...

6AI score
Exploits6References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-35581

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

5.9AI score
Exploits6References37
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-35583

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

5.9AI score
Exploits6References37
OSV
OSV
added 2026/04/10 11:26 a.m.3 views

SUSE-SU-2026:21165-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876 - CVE-2026-26007: missing validation can lead to security issues for signature verification ECDSA and shared key negotiati...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/02 5:54 p.m.19 views

CVE-2026-34610 leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation

The leancrypto library is a cryptographic library that exclusively contains only PQC-resistant cryptographic algorithms. Prior to version 1.7.1, lcx509extractnamesegment casts sizet vlen to uint8t when storing the Common Name CN length. An attacker who crafts a certificate with CN = victim's CN +...

5.9CVSS0.00162EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/30 9:17 p.m.6 views

CVE-2026-32884

Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject alternative name is defined in the end-entity certificate Botan would check that the CN was allowed by t...

5.9CVSS5.9AI score0.00158EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/20 8:34 p.m.10 views

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact A logic error in CN Common Name validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid D...

5.9AI score
Exploits0References3Affected Software1
RustSec
RustSec
added 2026/03/19 12:0 p.m.42 views

AWS-LC X.509 Name Constraints Bypass via Wildcard/Unicode CN

A logic error in CN Common Name validation allows certificates with wildcard or raw UTF-8 Unicode CN values to bypass name constraints enforcement. The cn2dnsid function does not recognize these CN patterns as valid DNS identifiers, causing NAMECONSTRAINTScheckCN to skip validation. However,...

5.8AI score
Exploits0Affected Software1
SUSE Linux
SUSE Linux
added 2026/03/11 6:35 p.m.5 views

Security update for go1.26

This update for go1.26 fixes the following issues: Update to go1.26.1 bsc1255111: CVE-2026-25679: net/url: reject IPv6 literal not at start of host bsc1259264. CVE-2026-27137: crypto/x509: incorrect enforcement of email constraints bsc1259266. CVE-2026-27138: crypto/x509: panic in name constraint...

8.7CVSS5.8AI score0.00728EPSS
Exploits0References22
OSV
OSV
added 2025/12/12 7:45 a.m.7 views

OPENSUSE-SU-2025:20158-1 Security update for go1.24

This update for go1.24 fixes the following issues: Update to go1.24.11. Security issues fixed: - CVE-2025-47912: net/url: insufficient validation of bracketed IPv6 hostnames bsc1251257. - CVE-2025-58183: archive/tar: unbounded allocation when parsing GNU sparse map bsc1251261. - CVE-2025-58185:...

7.5CVSS5.8AI score0.00626EPSS
Exploits2References29
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-4596

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.10715EPSS
Exploits0References35
Microsoft CVE
Microsoft CVE
added 2024/09/25 7:0 a.m.2 views

Possible denial of service in X.509 name checks

...

7.5CVSS6.8AI score0.66594EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/06/03 12:0 a.m.21 views

RHEL 6 : ruby (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ruby: Command injection vulnerability in Net::FTP CVE-2017-17405 - ruby: OpenSSL::X509::Name equality che...

9.8CVSS8.4AI score0.73927EPSS
Exploits10References18
SUSE CVE
SUSE CVE
added 2023/02/15 5:6 a.m.3 views

SUSE CVE-2016-2176

The X509NAMEoneline function in crypto/x509/x509obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service buffer over-read via crafted EBCDIC ASN.1 data...

8.2CVSS8.8AI score0.22841EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:24 a.m.2 views

SUSE CVE-2018-16395

An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects may return true. When the first argument is one...

6.8CVSS7AI score0.10715EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.6 views

PT-2022-5306

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0.0 through 3.0.6 Description A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. This occurs after certificate chain signature verification and requires either a CA...

10CVSS8.2AI score0.92488EPSS
Exploits8References164
Rows per page
Query Builder