Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/04/21 9:14 p.m.4 views

CVE-2026-40944 Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS5.8AI score0.0016EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 9:14 p.m.14 views

CVE-2026-40944

Summary: CVE-2026-40944 affects Oxia, a metadata store and coordination system. Before 0.16.2, the TLS trustedCertPool() configuration only loads the first PEM block from CA bundles; when multiple certificates (e.g., intermediate + root) are present, the chain is not fully validated for mTLS. Thi...

6.9CVSS5.8AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 9:14 p.m.5 views

EUVD-2026-24509

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS5.8AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2025/02/03 9:12 a.m.10 views

SUSE-SU-2025:20094-1 Security update for python-requests

This update for python-requests contains the following fixes: - Add patch to fix to inject the default CA bundles if they are not specified. bsc1226321, bsc1231500 - Remove Requires on python-py, it should have been removed earlier. - update to 2.32.3: Fixed bug breaking the ability to specify...

5.6CVSS7AI score0.0034EPSS
Exploits0References5
OSV
OSV
added 2023/02/27 12:44 p.m.3 views

USN-5892-1 nss vulnerabilities

It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause a NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. CVE-2022-3479 Christian Holler...

8.8CVSS6.9AI score0.00817EPSS
Exploits0References3
F5 Networks
F5 Networks
added 2016/05/19 12:0 a.m.255 views

SOL75152412 - OpenSSL vulnerability CVE-2016-2108

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

10CVSS0.9AI score0.77906EPSS
Exploits1References4
Rows per page
Query Builder