15 matches found
CVE-2026-48934
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
MISP modules 信任管理问题漏洞
MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. Prior to version 3.0.7, there were vulnerabilities related to trust management in MISP modules. These vulnerabilities stemm...
CVE-2026-42225
PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...
Incorrect Authorization
Overview pyload-ng is a The free and open-source Download Manager written in pure Python Affected versions of this package are vulnerable to Incorrect Authorization in the setconfigvalue process. An attacker can disable outbound TLS peer verification by setting the sslverify configuration to 'off...
Fedora 42 : cpp-httplib (2026-04a531cece)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-04a531cece advisory. Update to 0.37.2 - Fixes silent TLS certificate verification bypass on HTTPS Redirect via proxy CVE-2026-32627, rhbz2448105 Source:...
CVE-2026-32627
cpp-httplib before 0.37.2 is vulnerable when using a proxy and set_follow_location(true): HTTPS redirects can bypass TLS certificate and hostname verification on the redirected connection, allowing a network attacker to intercept credentials or tokens. The issue is fixed in 0.37.2.
CVE-2025-54470 NeuVector telemetry sender is vulnerable to MITM and DoS
This vulnerability affects NeuVector deployments only when the Report anonymous cluster data option is enabled. When this option is enabled, NeuVector sends anonymous telemetry data to the telemetry server. In affected versions, NeuVector does not enforce TLS certificate verification when...
SUSE CVE-2013-1431
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks...
ALSA-2020:2852 Important: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.18.2. Security Fixes: nghttp2: overly large SETTINGS frames can lead to DoS...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.2 openshift-enterprise-builder-container security update
An update for openshift-enterprise-builder-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating...
python-keystoneclient: TLS certificate verification disabled
It was found that python-keystoneclient treated all settings in paste.ini files as string types. If the "insecure" option were set to any value in a paste.ini configuration file, it would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks...
[SECURITY] [DSA 2702-1] telepathy-gabble security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2702-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso June 03, 2013 http://www.debian.org/security/faq -...
FreeBSD : telepathy-gabble -- TLS verification bypass (a3c2dee5-cdb9-11e2-b9ce-080027019be0)
"Simon McVittie reports : This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a 'legacy Jabber' pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes : . upgrade the server software to something that supports...
Debian Security Advisory DSA 2702-1 (telepathy-gabble - TLS verification bypass)
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perfor...
telepathy-gabble -- TLS verification bypass
Simon McVittie reports: This release fixes a man-in-the-middle attack. If you use an unencrypted connection to a "legacy Jabber" pre-XMPP server, this version of Gabble will not connect until you make one of these configuration changes: . upgrade the server software to something that supports XMP...