Erlang/OTP 17.0 < 26.2.5.21 / 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 Certificate Chain Forgery (CVE-2026-42789)

The version of Erlang/OTP installed on the remote host is 17.0 prior to 26.2.5.21, 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP publickey...

EUVD-2026-32558

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeycert and publickey modules allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted e.g...

EUVD-2026-24609

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

SUSE CVE-2026-40097

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension...

GHSA-9QQ8-CGCV-QMC9 Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Summary An attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key AK certificate with an empty Extended Key Usage EKU extension during TPM device attestation. Details When processing a device-attest-01 ACME challenge using TPM attestation, Step CA...

ALPINE-CVE-2026-31789

Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker c...

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

CVE-2026-0754 SIP Service Providers – Possible Impersonation of Poly Voice Device

An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if the service provider does not perform proper validation of the device certificate...

MiracleLinux 8 : nodejs:16 (AXSA:2023-6328:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6328:01 advisory. nodejs: mainModule.proto bypass experimental policy mechanism CVE-2023-30581 nodejs: process interuption due to invalid Public Key information in x5...

MiracleLinux 9 : python3.12-cryptography-41.0.7-2.el9_6.1 (AXSA:2025-10844:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10844:02 advisory. python-cryptography: NULL pointer dereference with pkcs12.serializekeyandcertificates when called with a non-matching certificate and private key and an...

EUVD-2021-26734

Malware in sbrugna...

EUVD-2021-28011

Malicious code in bioql PyPI...

Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509

...

SUSE CVE-2025-24032

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

python-cryptography: NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

A flaw was discovered in python-cryptography. A NULL pointer dereference can be triggered when a PKCS12 key and certificate do not match. Specifically, if the pkcs12.serializekeyandcertificates function is called with a non-matching certificate and private key and an encryption algorithm with...

XWiki 加密问题漏洞

Xwiki Platform is a set of wiki platforms for creating web collaboration applications from the French company Xwiki. security vulnerabilities exist in versions of XWiki prior to 13.10.6, 14.3.1 and 14.4-rc-1. X509 certificate with RSA, there is a risk of conflict with SHA1. No details of the...

CVE-2021-40855

The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production...

Code injection

The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production...

OPENSUSE-SU-2020:0790-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker t...