CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVE-2026-42791

Summary: CVE-2026-42791 is an improper certificate validation weakness in Erlang OTP’s public_key/pubkey_ocsp module. OCSP response verification (pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3) fails to enforce the validity period (notBefore/notAfter) of the OCSP responde...

Erlang/OTP -- OCSP responder certificate accepted after expiry in public_key

https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff reports: Erlang/OTP's publickey application fails to validate the validity period of OCSP responder certificates during response verification. An attacker possessing an expired OCSP responder's private key can forge responses...

rust-openssl 输入验证错误漏洞

rust-openssl is an open-source library in Rust that allows for interaction with the OpenSSL library. In versions 0.9.7 to 0.10.79 of rust-openssl, there was a vulnerability related to input validation errors. This vulnerability stemmed from X509Ref::ocspresponders returning the OCSP responder URL...

EUVD-2018-19720

Malware in sbrugna...

EUVD-2014-8479

Malware in sbrugna...

EUVD-2011-2682

Malware in sbrugna...

EUVD-2016-8486

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2014-8642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which...

Unable to update certificate. Error "Certificate is referenced by a CRL, OCSP responder, vserver...)

Getting error "Certificate is referenced by a CRL, OCSP responder, vserver, service, monitor, SSL profile, CA Cert Group, another certificate, or a policy expression using XMLENCRYPT or XMLDECRYPT " when trying to update the existing certificate...

Updating certificate on NetScaler failed with error

The following error occurs when updating a certificate on the NetScaler appliance. ERROR: Certificate is referenced by a CRL, OCSP responder, vserver, service, monitor, SSL profile, CA Cert Group, another certificate, or a policy expression using XMLENCRYPT or XMLDECR...

K20224417: OCSP responder vulnerability CVE-2018-8019

Security Advisory Description When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with...

Mageia: Security Advisory (MGASA-2019-0184)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-8019

When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using...

Symantec Content Analysis < 2.3.5.1 affected by Multiple Vulnerabilities (SYMSA1463)

The version of Symantec Content Analysis running on the remote host is prior to version 2.3.5.1. It is, therefore, affected by multiple vulnerabilities: - An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denia...

Updated tomcat-native packages fix security vulnerability

When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...

MGASA-2019-0184 Updated tomcat-native packages fix security vulnerability

When using an OCSP responder did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS CVE-2018-8019. Did not properly check OCSP...

Authentication Bypass

Tomcat is vulnerable to authentication bypass vulnerability. This is because, when using an OCSP responder Apache Tomcat Native does not correctly handle invalid responses. Users could authenticate with revoked certificates when using mutual TLS as the revoked client certificates are improperly...

Authentication Bypass

Tomcat is vulnerable to authentication bypass vulnerability. This is because, when using pre-produced responses from an OCSP responder, Tomcat Native does not correctly validate the status of certificates. Users with revoked certificates could authenticate when using mutual TLS as the revoked...

SUSE SLES11 Security Update : libtcnative-1-0 (SUSE-SU-2019:14014-1)

This update for libtcnative-1-0 to version 1.1.34 fixes the following issues : CVE-2017-15698: Fixed an improper handling of fields with more than 127 bytes which could allow invalid client certificates to be accepted bsc1078679. CVE-2018-8019: When using an OCSP responder did not correctly handl...