Erlang/OTP 27.0 < 27.3.4.12 / 28.0 < 28.5.0.1 / 29.0 < 29.0.1 OCSP Expired Responder Certificate Bypass (CVE-2026-42791)

The version of Erlang/OTP installed on the remote host is 27.0 prior to 27.3.4.12, 28.0 prior to 28.5.0.1, or 29.0 prior to 29.0.1. It is, therefore, affected by a vulnerability: - Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses...

CVE-2026-42791

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkeyocsp:verifyresponse/5 and pubkeyocsp:isauthorizedresponder/3 in...

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

SUSE-SU-2026:2103-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-23918: http2: double free and possible RCE on early reset bsc1263957. - CVE-2026-24072: modrewrite elevation of privileges via apexpr bsc1263935. - CVE-2026-28780: heap buffer overflow in modproxyajp via ajpmsgcheckheader bsc1264163. -...

CVE-2026-42791

Summary: CVE-2026-42791 is an improper certificate validation weakness in Erlang OTP’s public_key/pubkey_ocsp module. OCSP response verification (pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3) fails to enforce the validity period (notBefore/notAfter) of the OCSP responde...

Erlang/OTP -- OCSP responder certificate accepted after expiry in public_key

https://github.com/erlang/otp/security/advisories/GHSA-cjxj-wj6x-3fff reports: Erlang/OTP's publickey application fails to validate the validity period of OCSP responder certificates during response verification. An attacker possessing an expired OCSP responder's private key can forge responses...

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

CVE-2026-44900 epa4all-client: VAU Signature bypass

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

OPENSUSE-SU-2026:20796-1 Security update for nginx

This update for nginx fixes the following issues - CVE-2026-27651: denial of service via undisclosed requests when the ngxmailauthhttpmodule is enabled bsc1260415. - CVE-2026-32647: NGINX worker memory over-read or over-write via a specially crafted MP4 file bsc1260420. - CVE-2026-40701: heap...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : GnuTLS vulnerabilities (USN-8284-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8284-1 advisory. Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remot...

USN-8284-1 gnutls28 vulnerabilities

Joshua Rogers discovered that GnuTLS did not properly handle malformed DTLS handshake fragments in certain cases. A remote attacker could possibly use this issue to obtain sensitive information, or cause a denial of service. CVE-2026-33845 Haruto Kimura, Oscar Reparaz, and Zou Dikai discovered th...

FreeBSD : nginx-devel -- multiple vulnerabilities (1ed77d8e-53bb-11f1-b339-3497f65b111b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 1ed77d8e-53bb-11f1-b339-3497f65b111b advisory. The nginx project reports: nginx 1.31.0 fixes multiple security issues affecting HTTP/2...

tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation

A flaw was found in Apache Tomcat. When an Online Certificate Status Protocol OCSP responder is used, the Tomcat Native component, and Tomcat's FFM port of the Tomcat Native code, does not properly verify or check the freshness of the OCSP response. This improper input validation vulnerability...

RHEL 10 : tomcat (RHSA-2026:19054)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:19054 advisory. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat: Certificate...

OPENSUSE-SU-2026:20778-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass bsc1263706. - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short...

SUSE-SU-2026:21752-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass bsc1263706. - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short...

SUSE-SU-2026:21815-1 Security update for gnutls

This update for gnutls fixes the following issues - CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass bsc1263706. - CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive bsc1263707. - CVE-2026-5260: lib/pkcs11privkey: guard against overreading on short...

OESA-2026-2318 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

OESA-2026-2316 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

BIT-NGINX-GATEWAY-2026-40701 NGINX ngx_http_ssl_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...