26 matches found
UBUNTU-CVE-2026-33307
Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed size gnutls_x509_crt_t x509 array without checking the number of certificates is less than or...
MiracleLinux 8 : stunnel-5.56-5.el8 (AXSA:2021-1521:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1521:02 advisory. stunnel: client certificate not correctly verified when redirect and verifyChain options are used CVE-2021-20230 Tenable has extracted the preceding...
B&R Automation Studio Trust Management Vulnerability
B&R Automation Studio is an integrated development environment provided by the Austrian company B&R. Versions of B&R Automation Studio prior to version 6.5 contained a trust management vulnerability. This vulnerability stemmed from improper verification of OPC-UA client and ANSL over TLS client...
EUVD-2019-1003
Malware in sbrugna...
EUVD-2019-7924
Malware in sbrugna...
Fedora 40 : nginx / nginx-mod-fancyindex / nginx-mod-modsecurity / etc (2025-016ed44ddc)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-016ed44ddc advisory. Changes with nginx 1.26.3 05 Feb 2025 Security: insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a different...
Nginx 1.11.4 < 1.26.3 SSL Session Reuse
According to its Server response header, the installed version of nginx is from 1.11.4 to 1.26.2 or 1.27.x prior to 1.27.4. It is, therefore, affected by an SSL session reuse vulnerability due to insufficient check in virtual servers handling with TLSv1.3 SNI allowed to reuse SSL sessions in a...
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios such as traffic from a client to a server that verifies client certificates.
...
BIT-GOLANG-2024-24783 Verify panics on certificates with an unknown public key algorithm in crypto/x509
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
CVE-2024-24783
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
AZL-78968 CVE-2024-24783 affecting package golang 1.25.7-1
Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...
The vulnerability of the MongoDB database management system, related to improper verification of client certificates, allows a perpetrator to establish a TLS connection with the server.
The vulnerability of the MongoDB database management system is related to improper verification of client certificates. Exploiting this vulnerability allows an attacker who operates remotely to establish a TLS connection with the server...
MGASA-2021-0284 Updated stunnel packages fix security vulnerability
Updated stunnel package fixes security vulnerability: Client certificate not correctly verified when redirect and verifyChain options are used CVE-2021-20230...
RHEL 8 : stunnel (RHSA-2021:0620)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0620 advisory. Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection encrypted using...
Escalation Of Privilege
Apache HTTP Server 2.4 is vulnerable to escalation of privilege. The vulnerability exists because of a bug in mod_ssl when using per-location client certificate verification, which allows a client to bypass configured access control restrictions...
Palo Alto Networks PAN-OS 8.1.x < 8.1.17 / 9.0.x < 9.0.11 / 9.1.x < 9.1.5 / 10.0.x < 10.0.1 Authentication Bypass Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.17 or 9.0.x prior to 9.0.11 or 9.1.x prior to 9.1.5 or 10.0.x prior to 10.0.1. It is, therefore, affected by a vulnerability. - An authentication bypass vulnerability exists in the GlobalProtect SSL VPN...
CVE-2020-2050 PAN-OS: Authentication bypass vulnerability in GlobalProtect SSL VPN client certificate verification
An authentication bypass vulnerability exists in the GlobalProtect SSL VPN component of Palo Alto Networks PAN-OS software that allows an attacker to bypass all client certificate checks with an invalid certificate. A remote attacker can successfully authenticate as any user and gain access to...
The vulnerability of the mod_ssl component in the Apache HTTP Server web server allows attackers to circumvent the configured access control restrictions.
The vulnerability of the mod_ssl component in the Apache HTTP Server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent established access control restrictions when using client certificate verification with TLSv1.3...
UBUNTU-CVE-2019-17596
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates...
CVE-2019-0215
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client to bypass configured access control restrictions...