GHSA-9H6H-9G78-86F7 Yapscan's report receiver server vulnerable to path traversal and log injection

Impact If you make use of the report receiver server experimental, a client may be able to forge requests such that arbitrary files on the host can be overwritten subject to permissions of the yapscan server, leading to loss of data. This is particularly problematic if you do not authenticate...

MGASA-2015-0274 Updated openssl package fixes security vulnerability

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

Updated openssl package fixes security vulnerability

During certificate verification, OpenSSL starting from version 1.0.1n and 1.0.2b will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted...

OpenSSL restrictions bypass

Certificate without CA flag can be validated as a valid signing certificate...

openssl: man-in-the-middle

During certificate verification, OpenSSL will attempt to find an alternative certificate chain if the first attempt to build such a chain fails. An error in the implementation of this logic can mean that an attacker could cause certain checks on untrusted certificates to be bypassed, such as the ...

Vulnerability in OpenSSL - Alternative chains certificate forgery

An error in the implementation of the alternative certificate chain logic could allow an attacker to cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act as a CA and “issue” an invalid certificate. Found by Adam...