19 matches found
PT-2026-28069
Name of the Vulnerable Software and Affected Versions: Requests versions prior to 2.33.0. Description: The requests.utils.extract_zipped_paths function uses a predictable filename when extracting files from zip archives into the system temporary directory. If a file with the same name already exists...
CVE-2025-67601 Rancher CLI skips TLS verification on Rancher CLI login command
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
CVE-2025-67601
A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting cacerts...
Rancher CLI skips TLS verification on Rancher CLI login command
Impact: A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...
GHSA-MC24-7M59-4Q5P Rancher CLI skips TLS verification on Rancher CLI login command
Impact: A vulnerability has been identified within Rancher Manager, where using self-signed CA certificates and passing the -skip-verify flag to the Rancher CLI login command without also passing the --cacert flag results in the CLI attempting to fetch CA certificates stored in Rancher’s setting...
EUVD-2008-6976
Malware in sbrugna...
CVE-2023-35845
Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda i...
PT-2023-6499 · Anaconda · Miniconda +1
Name of the Vulnerable Software and Affected Versions: Anaconda 3 versions 2023.03-1-Linux; Miniconda version not specified. Description: The issue allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many...
ipa security, bug fix, and enhancement update
4.1.0-18.0.1 - Replace login-screen-logo.png 20362818 - Drop subscription-manager requires for OL7 - Drop redhat-access-plugin-ipa requires for OL7 - Blank out header-logo.png product-name.png 4.1.0-18 - Fix ipa-pwd-extop global configuration caching 1187342 - group-detach does not add correct...
CAcert 'analyse.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31481/info CAcert is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate...
CVE-2008-7017
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate...
CVE-2008-7017
The CVE-2008-7017 entry describes a cross-site scripting (XSS) vulnerability in the analyse.php component of CAcert (notably versions around 20080921 up to before 20080928). The root cause is the injection of arbitrary web script/HTML via the CN (CommonName) field in the subject of an X.509 certi...
CVE-2008-7017
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate...
MDKA-2007:072 : nss
These updated packages add the CaCert root certificate to the authorities list. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security, Inc. This script was automatically generat...
Mandriva Update for nss MDKA-2007:072 (nss)
Check for the Version of nss. OpenVAS Vulnerability Test. Mandriva Update for nss MDKA-2007:072 (nss). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Mandriva Update for nss MDKA-2007:072 (nss)
Check for the Version of nss. OpenVAS Vulnerability Test. Mandriva Update for nss MDKA-2007:072 (nss). Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
CAcert - 'analyse.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/31481/info CAcert is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
CAcert - analyse.php Cross-Site Scripting
CAcert - analyse.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31481/info CAcert is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser ...