13 matches found
Authentication Bypass by Primary Weakness
Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness in the connection pool process. An attacker can bypass intended certificate validation by reusing a handle that initially used the default native CA trust and then switching it to custom CA...
libcurl 8.17.0 < 8.21.0 Native CA Trust Persist
The version of libcurl installed on the remote host is 8.17.0 prior to 8.21.0. It is, therefore, affected by an improper certificate validation vulnerability: - An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches th...
curl: CVE-2026-11564: Native CA trust persist
A vulnerability was discovered in the libcurl library where a native CA trust could persist after an easy handle switches to custom CA material. The vulnerability was found to affect builds of libcurl that enable the native CA trust feature. The issue stemmed from the fact that the library did no...
CVE-2026-40243
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database. The OVN client implementations disable Go standard TLS server verification and replace it with...
Incus has an OVN TLS Verification that Accepts Peer-Supplied Roots
Summary Broken TLS validation logic in the OVN database connection logic could allow connections to an attacker's OVN database. OVN uses mTLS for authentication, so the attacker cannot actually perform a full man in the middle attack as they won't be able to authenticated with the real OVN...
ca-certificates bug fix and enhancement update
An update is available for ca-certificates. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The ca-certificates package contains a set of Certificate Authority C...
ca-certificates bug fix and enhancement update
An update is available for ca-certificates. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The ca-certificates package contains a set of Certificate Authority C...
ca-certificates bug fix and enhancement update
An update is available for ca-certificates. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The ca-certificates package contains a set of Certificate Authority C...
Improper certificate management in AWS IoT Device SDK v2
Connections initialized by the AWS IoT Device SDK v2 for Java versions prior to 1.4.2, Python versions prior to 1.6.1, C++ versions prior to 1.12.7 and Node.js versions prior to 1.5.3 did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities CA in the...
SUSE-SU-2021:0448-1 Security update for SUSE Manager Server 4.0
This update fixes the following issues: cpu-mitigations-formula: - Handle unsupported target systems gracefully bsc1179273 - add mitigations for Xen hypervisor nutch-core: - Fix XXE injection in DmozParser CVE-2021-23901 bsc1181356 smdba: - Do not remove the database if there is no backup and dea...
Fedora 28 : ca-certificates (2018-6d91fc0518)
This is an update to version 2.24 of the Mozilla CA trust list, which has been published as part of the NSS 3.37 release. Please refer to the upstream release notes for the changes: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS3.37 releasenotes Note that Tenable Network Securi...
Debian DSA-2343-1 : openssl - CA trust revocation
Several weak certificates were issued by Malaysian intermediate CA'Digicert Sdn. Bhd.' This event, along with other issues, has lead to Entrust Inc. and Verizon Cybertrust to revoke the CA's cross-signed certificates. This update to OpenSSL, a Secure Sockets Layer toolkit, reflects this decision ...
DSA-2343-1 openssl - CA trust revocation
Bulletin has no description...