Lucene search
K

70 matches found

Vulnrichment
Vulnrichment
added 2024/02/06 12:0 a.m.15 views

CVE-2024-25140

A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing 1.3.6.1.5.5.7.3.3, valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of...

7.2AI score0.00509EPSS
Exploits1References3
CVE
CVE
added 2024/02/06 12:0 a.m.216 views

CVE-2024-25140

CVE-2024-25140 affects RustDesk 1.2.3 on Windows. A default install places a WDKTestCert in Trusted Root Certification Authorities with EKU Code Signing (1.3.6.1.5.5.7.3.3), valid 2023–2033. This was intended behavior per vendor note, using a test certificate due to lack of EV cert, raising conce...

9.8CVSS9.4AI score0.00509EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/01/31 11:28 p.m.19 views

GHSA-QRQR-3X5J-2XW9 Docker Authentication Bypass

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...

7.5CVSS7.3AI score0.0092EPSS
Exploits0References5
OSV
OSV
added 2024/01/22 4:36 p.m.6 views

CLSA-2024-1705941381 Update of ca-certificates

Update to CKBI 2.64 from NSS 3.95 - Updated: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Removed: - Certificate "E-Tugra Certification Authority" - Certificate "Hongkong Post Root CA 1" - Certificate "Symantec Class 1 Public Primary Certification Authority - G6" -...

5.8AI score
Exploits0References1
NVD
NVD
added 2022/06/24 3:15 p.m.16 views

CVE-2022-1739

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to...

7.2CVSS0.00136EPSS
Exploits0References1
OSV
OSV
added 2022/06/24 3:15 p.m.3 views

CVE-2022-1739

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to...

6.8CVSS5.8AI score0.00136EPSS
Exploits0References1
Prion
Prion
added 2022/06/24 3:15 p.m.15 views

Design/Logic Flaw

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to...

7.2CVSS6.7AI score0.00136EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/06/24 3:0 p.m.69 views

CVE-2022-1739

The CVE-2022-1739 entry concerns Dominion Voting Systems ImageCast X where the tested software does not validate application signatures against a trusted root certificate. This undermines the software’s traceability and tamper-detection, enabling a potential attacker to install malicious code and...

7.2CVSS6.8AI score0.00136EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/06/03 12:0 a.m.4 views

PT-2022-3892

Name of the Vulnerable Software and Affected Versions Dominion Voting Systems ImageCast X affected versions not specified Description The issue is related to the incorrect validation of cryptographic signatures in the terminal emulator software of the ImageCast X ballot marking device. This could...

7.2CVSS6.9AI score0.00136EPSS
Exploits0References9
Citrix
Citrix
added 2021/07/27 12:0 a.m.11 views

How to Create and Use Client Certificates on NetScaler Appliance with Firmware 10.0

This article describes the procedure to create and use the Citrix NetScaler client certificates. Requirements NetScaler software release 10.0 NetScaler hardware appliance or a NetScaler VPX A client workstation, such as Microsoft Windows XP SP2 Background The NetScaler software consists of an SSL...

6.6AI score
Exploits0
OSV
OSV
added 2021/01/15 2:15 p.m.2 views

DEBIAN-CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...

7.5CVSS7.3AI score0.01153EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2021/01/15 2:15 p.m.30 views

CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...

7.5CVSS7.1AI score0.01153EPSS
Exploits0References2
OSV
OSV
added 2021/01/15 2:15 p.m.5 views

UBUNTU-CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...

7.5CVSS7.1AI score0.01153EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2021/01/15 1:35 p.m.30 views

CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...

7.5CVSS7.4AI score0.01153EPSS
Exploits0
OSV
OSV
added 2020/09/09 5:29 p.m.22 views

GHSA-F8MR-JV2C-V8MG Invalid root may become trusted root in The Update Framework (TUF)

Impact The Python TUF reference implementation tuf0.12 will incorrectly trust a previously downloaded root metadata file which failed verification at download time. This allows an attacker who is able to serve multiple new versions of root metadata i.e. by a man-in-the-middle attack culminating i...

8.7CVSS8.3AI score0.00553EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2020/02/15 8:24 p.m.45 views

CVE-2019-5010

A null pointer dereference vulnerability was found in the certificate parsing code in Python. This causes a denial of service to applications when parsing specially crafted certificates. This vulnerability is unlikely to be triggered if application enables SSL/TLS certificate validation and accep...

7.5CVSS4.1AI score0.20743EPSS
Exploits1References4
Prion
Prion
added 2018/11/09 9:29 p.m.18 views

Code injection

Sennheiser HeadSetup 7.3.4903 places Certification Authority CA certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or softwa...

5CVSS7.5AI score0.06735EPSS
Exploits1References3Affected Software6
OSV
OSV
added 2018/11/09 9:29 p.m.4 views

CVE-2018-17612

Sennheiser HeadSetup 7.3.4903 places Certification Authority CA certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or softwa...

7.5CVSS5.9AI score0.06735EPSS
Exploits1References3
Citrix
Citrix
added 2018/05/17 12:0 a.m.14 views

The Citrix License Server certificate is not in the Delivery Controller's trusted root store

License Server certificate not in the Delivery Controller's trusted root certificate store. This will impact Studio and Director managing and displaying information from the license server...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2017/11/20 5:45 p.m.45 views

A week in security (November 13 – November 19)

Last week, we gave you some tips for the inevitable online chaos that is Cyber Monday, explained how "trusted" root certificates can sometimes be anything but, and explored the strange world of catphishing. We also pulled apart some malware found on Google Play and laid out the specifics of the...

6.8AI score
Exploits0
Rows per page
Query Builder