Astra Linux - vulnerability in thunderbird, firefox
The length of the certificate was not properly checked when it was added to the certificate store. In practice, only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135...
CVE-2026-39984 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Versions 2.0.5 and below contain an authorization bypass vulnerability in the VerifyTimestampResponse function. VerifyTimestampResponse correctly verifies the certificate chain signature, but the TSA-specific constraint...
MiracleLinux 8 : gnutls-3.6.16-8.el8_10.5.ML.1 (AXSA:2026-360:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-360:02 advisory. gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init Function CVE-2025-9820 gnutls: GnuTLS: Denial of Service via excessive resource...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2026-1305)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP,...
CVE-2025-67752
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default (verify: false), making all external HTTPS connections vulnerable ...
CVE-2025-70043
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options...
MiracleLinux 8 : openssl-1.1.1g-15.el8 (AXSA:2021-1621:02)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1621:02 advisory. openssl: NULL pointer dereference in signature_algorithms processing CVE-2021-3449 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT...
EUVD-2021-10022
Malware in sbrugna...
EUVD-2024-27415
Malicious code in bioql PyPI...
EUVD-2023-37433
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-12105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenConnect through 8.08 mishandles negative return values from X509_check_ function calls, which might assist attackers in performing man-in-the-middle attacks...
Siemens SICAM TOOLBOX II Trust Management Issue Vulnerability (CNVD-2025-16621)
Siemens SICAM TOOLBOX II is an engineering software from Siemens, Germany. A trust management issue vulnerability exists in Siemens SICAM TOOLBOX II that stems from a common name not being checked for device certificates, which could be exploited by an attacker to cause a man-in-the-middle attack...
QUIC certificate check skip with wolfSSL
...
CVE-2024-31853
CVE-2024-31853 affects Siemens SICAM TOOLBOX II (all versions
TencentOS Server 4: firefox (TSSA-2025:0151)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0151 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: libgit2 (TSSA-2024:0586)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0586 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2024-38825
The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not pki authentication, as the caller does not need access to the corresponding private key for the authentication...
FreeBSD : curl -- Multiple vulnerabilities (533b4470-3f25-11f0-b440-f02f7432cf97)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 533b4470-3f25-11f0-b440-f02f7432cf97 advisory. curl security team reports: CVE-2025-5025: No QUIC certificate pinning with wolfSSL...
CVE-2023-33268
An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind)...
curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL
Summary: When using WolfSSL as the TLS backend, there is an issue where the CN or SAN in the certificate is not verified when connecting to an IP address over HTTP/3. wolfSSL_X509_check_host is only called when peer->sni is not NULL. However, when an IP address is specified, peer->sni is NULL, so the...