2418 matches found
CVE-2019-10446
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2019-10444
Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM...
CVE-2019-10382
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM...
CVE-2009-0128
plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
Jenkins DingTalk Plugin Unconditionally Disables SSL/TLS Certificate and Hostname Validation
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2025-47888
CVE-2025-47888 affects the Jenkins DingTalk Plugin (versions 2.7.3 and earlier). The vulnerability stems from the plugin unconditionally disabling SSL/TLS certificate and hostname validation when connecting to DingTalk webhooks, enabling potential exposure to MITM attacks and compromising confide...
PT-2025-21241 · Jenkins · Jenkins Dingtalk Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins DingTalk Plugin versions 2.7.3 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. This affects the security of th...
PT-2025-20615 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco ASA affected versions not specified Description: The issue concerns a bypass of SSL/TLS certificate pinning. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where...
CVE-2024-42177
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...
CVE-2021-35246
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users...
Shrinking Lifespans, Growing Risk: The Final Certificate Countdown
Recent Developments Severely Shorten Certificate Lifespans. The SSL/TLS ecosystem is shifting rapidly and not in a way that favors already stretched teams. Historically, certificates could be valid for up to 10 years. Certificates now face drastically shorter lifespans. DigiCert and other major...
CVE-2024-42177
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...
CVE-2024-42177 HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities
HCL MyXalytics is affected by SSL∕TLS Protocol affected with BREACH & LUCKY13 vulnerabilities. Attackers can exploit the weakness in the ciphers to intercept and decrypt encrypted data, steal sensitive information, or inject malicious code into the system...
PT-2025-17226 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics affected versions not specified Description: The issue concerns SSL/TLS Protocol vulnerabilities, specifically BREACH and LUCKY13, which allow attackers to exploit weaknesses in ciphers. This can lead to the interception and...
CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347 IBM AIX command execution
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
CVE-2024-56347 IBM AIX command execution
IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls...
Linux Distros Unpatched Vulnerability : CVE-2017-3731
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to...