56 matches found

Github Security Blog
added 2026/05/29 10:07 p.m. · 17 views

Admidio PKCS#12 private key export action lacks CSRF protection

Summary The sensitive mode=export action in modules/sso/keys.php exports a PKCS12 bundle containing the configured private key and certificate, but the CSRF validation line is commented out. A forged cross-site POST from an administrator session can therefore trigger private key export without a...

AI score 5.8 · EPSS 0.00009
Exploits 0 · References 2 · Affected Software 1
NVD
added 2026/04/27 7:16 p.m. · 0 views

CVE-2026-40970

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory...

CVSS 6.8 · EPSS 0.00136
Exploits 0 · References 1
Snyk
added 2026/04/22 5:06 p.m. · 3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the trustedCertPool function, which only parses the first PEM block from CA certificate files. An attacker can bypass certificate chain validation by providing a multi-certificate PEM bundle where only...

CVSS 6.9 · AI score 5.5 · EPSS 0.0016
Exploits 0 · References 2
Cvelist
added 2026/04/21 9:14 p.m. · 25 views

CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded...

CVSS 6.9 · EPSS 0.0016
Exploits 0 · References 1
OSV
added 2026/04/14 11:15 p.m. · 2 views

GHSA-7JRQ-Q4PQ-RHM6 Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles

Summary The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates (e.g., intermediate + root CA), only the first certificate is loaded. This silently breaks certificate chain validation for mTLS...

CVSS 9.3 · AI score 5.8 · EPSS 0.0016
Exploits 0 · References 3
Cvelist
added 2026/03/25 5:02 p.m. · 20 views

CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...

CVSS 4.4 · EPSS 0.00157
Exploits 0 · References 3
OSV
added 2026/03/12 6:51 p.m. · 4 views

CLSA-2026-1773341470 Update of alt-php

Update ca-certificates database to 20260305: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle to version 2.84. - The following certificates were added: Certificate "TrustAsia TLS ECC Root CA" Certificate "TrustAsia TLS RSA Root CA" Certificate "SwissSign RSA TLS Roo...

AI score 5.8
Exploits 0 · References 1
OSV
added 2026/02/14 11:42 p.m. · 3 views

CLSA-2026-1771112524 Update of alt-php

Update ca-certificates database to 20260129: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle to version 2.82. - The following certificates were updated: Certificate "GlobalSign Root CA" Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Comodo AAA...

AI score 5.8
Exploits 0 · References 1
OSV
added 2026/01/27 4:16 p.m. · 3 views

AZL-75911 CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14

Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12_item_decrypt_d2i_ex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12_item_decrypt_d2i_ex...

CVSS 7.5 · AI score 6.1 · EPSS 0.00817
Exploits 1 · References 1
OSV
added 2025/11/14 4:29 p.m. · 4 views

CLSA-2025-1763137741 python3.11-cryptography: Fix of CVE-2023-49083

CVE-2023-49083: fix crash when loading PKCS7 bundle with no certificates - Fix RUSTFLAGS macro expansion in build process...

CVSS 7.5 · AI score 6.7 · EPSS 0.00985
Exploits 1 · References 1
Tenable Nessus
added 2025/09/03 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-28835

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the certtool...

CVSS 5 · AI score 6.1 · EPSS 0.00389
Exploits 0 · References 2
OSV
added 2025/07/09 5:30 p.m. · 2 views

CLSA-2025-1752082236 Update of alt-php

Update ca-certificates database to 20250416: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle to version 2.74. - The following certificates were updated: Certificate "Entrust.net Premium 2048 Secure Server CA" Certificate "Entrust Root Certification Authority"...

AI score 5.8
Exploits 0 · References 1
OSV
added 2024/11/06 6:13 p.m. · 1 view

CLSA-2024-1730916816 Update of alt-php

Update ca-certificates database to 20240823: - mozilla/certdata.txt,nssckbi.h: Update Mozilla certificate authority bundle to version 2.69. - The following certificates were updated: Certificate "OISTE WISeKey Global Root GC CA" - The following certificates were added: Certificate "Telekom...

AI score 5.8
Exploits 0 · References 1
OSV
added 2024/10/18 11:09 a.m. · 2 views

OESA-2024-2264 gnutls security update

GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS 12, and other...

CVSS 5 · AI score 6.8 · EPSS 0.00389
Exploits 0 · References 2
OSV
added 2024/09/25 4:32 p.m. · 3 views

USN-7034-1 ca-certificates update

The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.64 version of the Mozilla certificate authority bundle...

AI score 5.8
Exploits 0 · References 2
RedHat Linux
added 2024/04/18 2:25 a.m. · 3 views

gnutls: potential crash during chain building/verification

A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command...

CVSS 5 · AI score 7.2 · EPSS 0.00389
Exploits 0 · References 5
OSV
added 2024/04/11 6:18 p.m. · 6 views

USN-6727-2 nss regression

USN-6727-1 fixed vulnerabilities in NSS. The update introduced a regression when trying to load security modules on Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that NSS incorrectly handled...

AI score 5.8
Exploits 0 · References 2
OSV
added 2024/04/10 1:40 p.m. · 4 views

USN-6727-1 nss vulnerabilities

It was discovered that NSS incorrectly handled padding when checking PKCS1 certificates. A remote attacker could possibly use this issue to perform Bleichenbacher-like attacks and recover private data. This issue only affected Ubuntu 20.04 LTS. CVE-2023-4421 It was discovered that NSS had a timin...

CVSS 6.5 · AI score 6.7 · EPSS 0.00822
Exploits 0 · References 4
OSV
added 2024/01/22 5:45 p.m. · 4 views

CLSA-2024-1705945513 Update of ca-certificates

update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...

AI score 5.8
Exploits 0 · References 1
OSV
added 2024/01/22 4:34 p.m. · 2 views

CLSA-2024-1705941268 Update of ca-certificates

update to CKBI 2.64 from NSS 3.95 - updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - removed old certificates: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification...

AI score 5.8
Exploits 0 · References 1