301 matches found
CLSA-2026-1775646020 Update of pki-servlet-engine
Bump release...
Evaluating Future Air Traffic Management Security
The L-Band Digital Aviation Communication System (LDACS) aims to modernize communications between the aircraft and the tower. Besides digitizing this type of communication, the contributors also focus on protecting them against cyberattacks. There are several proposals regarding LDACS security, and...
[SECURITY] Fedora 43 Update: rust-rustls-webpki-0.103.10-1.fc43
Web PKI X.509 Certificate Verification...
certstrike
CertStrike ADCS exploitation and PKI attack framework with in...
Google Develops Merkle Tree Certificates to Enable Quantum-Resistant HTTPS in Chrome
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. "To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing...
CVE-2026-24122
A flaw was found in sigstore/cosign. This vulnerability affects private deployments using customized Public Key Infrastructures (PKIs), where it can lead to incorrect validation of artifact signatures. Cosign may mistakenly accept an issuing certificate as valid even if its expiration date precedes...
CVE-2026-24122
Cosign
RHSA-2026:2724 Red Hat Security Advisory: pki-deps:10.6 security update
Bulletin has no description...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...
RHEL 8 : pki-deps:10.6 (RHSA-2026:2725)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2725 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Apache...
[SECURITY] Fedora 42 Update: rust-routinator-0.14.2-4.fc42
An RPKI relying party software...
[SECURITY] Fedora 43 Update: rust-routinator-0.14.2-4.fc43
An RPKI relying party software...
[SECURITY] Fedora 42 Update: rpki-client-9.7-1.fc42
The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...
MiracleLinux 7 : pki-core-10.5.18-12.el7 (AXSA:2021-1610:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1610:01 advisory. pki-core: Unprivileged users can renew any certificate (CVE-2021-20179) pki-core: XSS in the certificate search results (CVE-2020-25715) pki-core:...
MiracleLinux 8 : pki-deps:10.6 (AXSA:2024-8412:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8412:01 advisory. jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518) Tenable has extracted the preceding description block directly from th...
MiracleLinux 7 : ipa-4.4.0-14.6.0.1.el7.AXS7 (AXSA:2017-1334:03)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1334:03 advisory. IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control,...
Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI
As the quantum computing era approaches, securing classical cryptographic protocols becomes imperative. Public key cryptography is widely used for signature and key exchange but it is the type of cryptography more threatened by quantum computing. Its application typically requires support via a...
RHSA-2026:0293 Red Hat Security Advisory: pki-servlet-engine security update
Bulletin has no description...
Important: Red Hat Security Advisory: pki-servlet-engine security update
An update for pki-servlet-engine is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Improper Authentication
Elasticsearch is vulnerable to Improper Authentication. The vulnerability is due to insufficient validation of client certificates in the PKI realm, which allows an attacker with a specially crafted certificate signed by a trusted CA to impersonate other users...