34 matches found
CLSA-2026-1777884162 Fix CVE(s): CVE-2018-8014
Fix build process: - debian/keystores/ca-cert.pem, ca.jks: regenerate self-signed test CA using the existing ca-key.pem (previous CA valid only until 21.03.2025). New validity: 21.04.2026 to 18.04.2036. - debian/keystores/localhost-cert.pem, localhost.jks, localhost-copy1.jks: re-issue against the...
SUSE-SU-2026:1419-1 Security update for NetworkManager
This update for NetworkManager fixes the following issues: - CVE-2025-9615: non-admin users are allowed to use certificates from other users (bsc#1257359)...
EUVD-2012-4484
Malware in sbrugna...
EUVD-2019-3034
Malware in sbrugna...
CVE-2024-55056
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field...
OESA-2024-1212 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: A vulnerability was found in nss. Due to this vulnerability, nss client auth crashes without a user certificate in the...
OESA-2024-1214 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: A vulnerability was found in nss. Due to this vulnerability, nss client auth crashes without a user certificate in the...
RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute
A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to li...
VDA machines stuck at Initializing for Hybrid Azure AD join
For Citrix MCS provisioned Hybrid Azure AD joined machine catalogs, the VDA machines might be stuck at “Initializing” status after startup. When you log in to the VDA machines and run the “dsregcmd /status /debug” command, you will find the error message below under “Diagnostic Data”: “Server...
RHDS: LDAP browser tries to decode userPassword instead of userCertificate attribute
A flaw was found in RHDS 11 and 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. This issue could allow an attacker with a local account with cockpit-389-ds running to li...
DEBIAN-CVE-2023-1055
A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes...
USN-5892-1 nss vulnerabilities
It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. A remote attacker could possibly use this issue to cause an NSS client to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2022-3479) Christian Holler...
Red Hat Directory Server trust management issue vulnerability
Red Hat Directory Server is a commercial version of the Linux directory server from Red Hat. A security vulnerability exists in Red Hat Directory Server 11 and 12, which stems from an attempt by LDAP to decode the userPassword attribute instead of the userCertificate attribute when browsing for...
SUSE CVE-2012-3864
Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, allows remote authenticated users to read arbitrary files on the puppet master server by leveraging an arbitrary user's certificate and private key in a GET request...
SUSE CVE-2022-3479
A vulnerability was found in nss. Due to this vulnerability, nss client auth crashes without a user certificate in the database, and this can lead to a segmentation fault or crash...
DEBIAN-CVE-2022-3479
A vulnerability was found in nss. Due to this vulnerability, nss client auth crashes without a user certificate in the database, and this can lead to a segmentation fault or crash...
PT-2022-22341 · Mozilla +4 · Nss +4
Name of the Vulnerable Software and Affected Versions: nss (affected versions not specified). Description: A security issue in nss can cause the client authentication to crash when there is no user certificate in the database, potentially leading to a segmentation fault or crash. Recommendations: At...
CVE-2022-3479
CVE-2022-3479 is an NSS vulnerability where the client authentication process can crash when no user certificate is present in the database, potentially causing a segmentation fault. The connected Nessus advisories (Ubuntu USN-5892-1 and SUSE advisories) note NSS-related fixes and recommend updat...
CVE-2022-3479
A vulnerability was found in nss. Due to this vulnerability, nss client auth crashes without a user certificate in the database, and this can lead to a segmentation fault or crash...
Input validation
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:...