Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.9 views

CVE-2026-40944

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS5.4AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 9:14 p.m.5 views

EUVD-2026-24509

Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded...

6.9CVSS5.8AI score0.0016EPSS
Exploits0References1
OSV
OSV
added 2026/04/14 11:15 p.m.5 views

GHSA-7JRQ-Q4PQ-RHM6 Oxia's TLS CA certificate chain validation fails with multi-certificate PEM bundles

Summary The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates e.g., intermediate + root CA, only the first certificate is loaded. This silently breaks certificate chain validation for mTLS...

9.3CVSS5.8AI score0.0016EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-34188

Name of the Vulnerable Software and Affected Versions Oxia versions prior to 0.16.2 Description The trustedCertPool function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle contains multiple certificates, such as an intermediate and a root CA,...

9.3CVSS5.8AI score0.0016EPSS
Exploits0References6
Rows per page
Query Builder