Bitdefender Total Security 信任管理问题漏洞

Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A trust management issue vulnerabili...

SUSE CVE-2012-0441

The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services NSS before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a...

OpenSSL 0.9.6 CA Basic Constraints Validation Vulnerability

According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7. Such versions do not verify the Basic Constraint for some certificates. A remote attacker could perform a man-in-the-middle attack. Details on this weakness are missing. It is related to...

Code injection

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key...

Internet explorer (and others) CA certificate attack

For intermediate CA only signature is checked, missed check for basic constaint allows to use any valid certificate as CA certificate...