SUSE CVE-2026-32144

Improper Certificate Validation vulnerability in Erlang OTP publickey pubkeyocsp module allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in publickey:pkixocspvalidate/5 does not verify that a CA-designated responder certificate...

Amazon.ApplicationLoadBalancer.Identity.AspNetCore 安全漏洞

Amazon.ApplicationLoadBalancer.Identity.AspNetCore is an open source load balancer for Amazon Web Services. A security vulnerability exists in Amazon.ApplicationLoadBalancer.Identity.AspNetCore that stems from an inability to verify the identity of the JWT issuer and signer in the JWT processing...

SUSE CVE-2023-39953

useroidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also...

PT-2023-27170 · Nextcloud · Nextcloud +1

Name of the Vulnerable Software and Affected Versions: user oidc versions 1.0.0 through 1.3.2 Description: The issue is related to the missing verification of the issuer in the user oidc module for Nextcloud, allowing an attacker to perform a man-in-the-middle attack by returning corrupted or kno...

SUSE CVE-2014-1584

The Public Key Pinning PKP implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to...