Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error during the intra-handshake attestation.. An attacker can impersonate a trusted service endpoint and gain unauthorized access to sensitive data or operations by extracting the ephemeral TLS private key through...

EUVD-2024-48284

Malicious code in bioql PyPI...

EUVD-2023-28584

Malicious code in bioql PyPI...

CVE-2024-7346

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

PT-2024-38279 · Progress · Openedge

Name of the Vulnerable Software and Affected Versions: OpenEdge affected versions not specified Description: The issue concerns the bypassing of host name validation for TLS certificates when using the installed OpenEdge default certificates to perform the TLS handshake for a networked connection...

Input validation

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates...

CVE-2023-24568

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates...

CVE-2023-24568

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates...

The Problem of Issuing Certs For Unqualified Names

The recent attack on Comodo and several of its associated registration authorities has spurred quite a bit of re-examination of the way that the Web’s certificate authority infrastructure works–or doesn’t. One interesting result of this work is that the folks at the Electronic Frontier Foundation...

CVE-2009-0653

OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970...