PT-2023-26563 · Mindsdb +1 · Mindsdb +1
Name of the Vulnerable Software and Affected Versions: MindsDB versions prior to 23.7.4.0 Description: The issue concerns MindsDB's AI Virtual Database, which allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disabl...
PT-2023-3634 · Jenkins · Jenkins Checkmarx Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.4.3 and earlier Description: The issue is related to errors in SSL/TLS certificate validation. It may allow a remote attacker to perform a "man-in-the-middle" attack. The plugin disables SSL/TLS validati...
CVE-2023-32994
Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections...
PT-2023-2575 · Jenkins · Jenkins Image Tag Parameter Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Image Tag Parameter Plugin version 2.0 Description: The Jenkins Image Tag Parameter Plugin improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries. This results in job...
SUSE CVE-2011-0633
The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in WWW::Mechanize, LWP::UserAgent, and other products, when running in environments that do not set the If-SSL-Cert-Subject header, does not enable full validation of SSL certificates by default, which allows remote attackers to spoof...
SUSE CVE-2012-1177
libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL certificates, which allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate...
SUSE CVE-2013-0240
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the...
SUSE CVE-2017-1000256
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default...
SUSE CVE-2018-8059
The Djelibeybi configuration examples for use of NGINX in SUSE Portus 2.3, when applied to certain configurations involving Docker Compose, have a Missing SSL Certificate Validation issue because no proxy_ssl_* directives are used...
CVE-2022-23491
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust...
CVE-2022-38666
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features...
PT-2022-24516 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.146 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for several features. There are no known...
PT-2022-26278 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.2; Liferay DXP versions 7.1 before fix pack 27; Liferay DXP versions 7.2 before fix pack 17; Liferay DXP versions 7.3 before service pack 3 Description: The issue is related to missing SSL certificate...
Liferay Portal and Liferay DXP trust management issue vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
OPENSUSE-SU-2022:10101-1 Security update for nim
This update for nim fixes the following issues: Includes upstream security fixes for: (boo1175333, CVE-2020-15693) httpClient is vulnerable to a CR-LF injection; (boo1175334, CVE-2020-15692) mishandle of argument to browsers.openDefaultBrowser; (boo1175332, CVE-2020-15694) httpClient.get.contentLength...
CVE-2022-28143
A cross-site request forgery (CSRF) vulnerability in Jenkins Proxmox Plugin 0.7.0 and earlier allows attackers to connect to an attacker-specified host using attacker-specified username and password (perform a connection test), disable SSL/TLS validation for the entire Jenkins controller JVM as part ...
PT-2022-18841 · Jenkins · Jenkins Proxmox Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin versions 0.6.0 and earlier Description: The issue concerns the disabling of SSL/TLS certificate validation globally for the Jenkins controller JVM when the plugin is configured to ignore SSL/TLS issues. This affects the...
PT-2022-18843 · Jenkins · Jenkins Proxmox Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin version 0.7.0 and earlier Description: The issue allows attackers with Overall/Read permission to connect to a specified host using a specified username and password, and perform a connection test. This also enables the...
CVE-2022-0123
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some external CI services, which makes it possible to perform MitM attacks on connections to these external services...