84 matches found
SUSE CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-29114
A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...
ALPINE-CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34181
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34181 PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
Issue Summary: The PKCS12 file processing fails to perform sufficient input validation for files that use Password-Based Message Authentication Code 1 PBMAC1 integrity mechanism allowing a certificate and private key forgery. Impact Summary: An attacker impersonating a user can cause a service...
CVE-2026-34181
The CVE-2026-34181 issue affects PKCS#12 file processing in OpenSSL where insufficient input validation for PBMAC1 allows forging certificates and private keys. An attacker impersonating a user could cause a service that reads PKCS#12 files to accept forged certificates and keys with about a 1 in...
Casdoor 安全漏洞
Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...
FreeBSD : Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer (9357a450-5a54-11f1-b886-4c526214c986)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9357a450-5a54-11f1-b886-4c526214c986 advisory. https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's publickey...
PT-2026-43712
Name of the Vulnerable Software and Affected Versions Erlang OTP versions 17.0 through 26.2.5.20 Erlang OTP versions 27.x prior to 27.3.4.12 Erlang OTP versions 28.x prior to 28.5.0.1 Erlang OTP versions 29.x prior to 29.0.1 public key versions 0.22 through 1.15.1.6 public key versions 1.17.x pri...
Erlang/OTP -- public_key accepts non-CA certificate as intermediate issuer
https://github.com/erlang/otp/security/advisories/GHSA-c99q-jmpx-v8qq reports: Erlang/OTP's publickey application contains a path-validation flaw where non-CA certificates lacking keyUsage extensions can be accepted as intermediate issuers. An attacker with an end-entity certificate issued by a...
Exposing Fox Tempest: A malware-signing service operation
In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...
PYSEC-2026-126
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...
Incus 信任管理问题漏洞
Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 7.0.0 contained a vulnerability related to trust management. This vulnerability stemmed from a corrupted TLS verification logic in the OVN database connection logic. It could allow attackers to...
Improper Verification Of Cryptographic Signature
jsrsasign is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is due to insufficient validation of DSA domain parameters during signature verification, which allows an attacker to craft malicious parameters and forge valid signatures or certificates...
CVE-2026-5501
CVE-2026-5501 involves wolfSSL’s X509_verify_cert in the OpenSSL compatibility layer. The vulnerability arises when a certificate chain is presented where the leaf’s signature is not checked if an untrusted intermediate (CA:FALSE) signed by a trusted root is supplied. An attacker with any leaf ce...
PT-2026-31865
Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.9.1 Description The wolfSSL X509 verify cert function within the OpenSSL compatibility layer does not properly check the signature of a certificate's leaf when an untrusted intermediate certificate with Basic...
Improper Verification of Cryptographic Signature
Overview bsv-sdk is an A Ruby library for interacting with the BSV Blockchain — keys, scripts, transactions, and more. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificat...
Improper Verification of Cryptographic Signature
Overview bsv-wallet is an Implements the BRC-100 standard wallet-to-application interface for the BSV Blockchain. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the acquirecertificate function. An attacker can persist forged certificate...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation via improper validation in the certificate renewal process. An attacker can gain unauthorized access to other managed clusters by forging a client certificate that is accepted by the controller. Remediati...