Monthly
A logic error in AWS-LC's CRL (Certificate Revocation List) distribution point validation causes the cryptographic library to incorrectly reject partitioned CRLs as out of scope, allowing revoked certificates to bypass certificate revocation checks. This authentication bypass vulnerability affects AWS-LC versions before 1.71.0 and AWS-LC-FIPS versions before 3.3.0, potentially allowing attackers to use revoked certificates for unauthorized access to systems that rely on AWS-LC for certificate validation. No active exploitation has been reported in KEV, and no EPSS score is available yet.
A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A logic error in AWS-LC's CRL (Certificate Revocation List) distribution point validation causes the cryptographic library to incorrectly reject partitioned CRLs as out of scope, allowing revoked certificates to bypass certificate revocation checks. This authentication bypass vulnerability affects AWS-LC versions before 1.71.0 and AWS-LC-FIPS versions before 3.3.0, potentially allowing attackers to use revoked certificates for unauthorized access to systems that rely on AWS-LC for certificate validation. No active exploitation has been reported in KEV, and no EPSS score is available yet.
A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.