Code injection

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

CVE-2020-11054 Incorrect Provision of Specified Functionality in qutebrowser

In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow colors.statusbar.url.warn.fg. However, when the affected website was subsequently loaded again, the UR...

Scientific Linux Security Update : evolution on SL7.x x86_64 (20200407)

evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages evolution-ews: all certificate errors ignored if error is ignored during initial account setup in gnome-online-accounts C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

CentOS 7 : evolution (RHSA-2020:1080)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1080 advisory. - GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted email that contains a...

RHEL 7 : evolution (RHSA-2020:1080)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1080 advisory. Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The...

Authorization Bypass

evolution-ews is vulnerable to authorization bypass. The vulnerability exists as all certificate errors ignored if configured to ignore an initial error in gnome-online-accounts creation resulting in the connection open to being viewed and modified...

RHEL 8 : evolution (RHSA-2019:3699)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3699 advisory. Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. Security Fixes:...

Moderate: Red Hat Security Advisory: evolution security and bug fix update

An update for evolution, evolution-data-server, and evolution-ews is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

Errors testing new connector to CHv 8 - "Connection Error: A failure occurred connecting to Citrix Hypervisor. Error = write EPROTO 140247625111360:error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol"

When i try to configure a connector for this server on Citrix Hypervisor 8, if we check "Use Secured Communications", we get the error "Failed to connect to the server at ...". If we uncheck "Use Secured Communications" and "Ignore Certificate Errors", we can configure the connector. In the file...

DEBIAN-CVE-2018-19131

Squid before 4.4 has XSS via a crafted X.509 certificate during HTTPS error page generation for certificate errors...

Connection failures due to SSL certificate errors with Citrix Workspace app for Chrome / Citrix Receiver for Chrome

Connection to StoreFront/VDA will fail and may show cannot connect to server error or some SSL Certificate error in console logs. One of the reason could be invalid SSL certificate. Applicable Products: Citrix Receiver for HTML5, Citrix Receiver for Chrome, Citrix Workspace app for Chrome, Citrix...

What Triggers HTTPS Chrome Browser Warnings?

A lot of hours go into debugging the cause of and tweaking the HTTPS error warnings that pop up in Google’s Chrome browser. Researchers from Google, Purdue University, the International Institute of Information Technology Hyderabad, and the Leibniz University of Hanover Germany have spent the las...

chromium-browser: caching error in AppCache

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

UBUNTU-CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcacheupdatejob.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5...

DEBIAN-CVE-2014-5444

Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate...

Oracle Linux 6 : pki-core (ELSA-2013-0511)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0511 advisory. 9.0.3-30 - Resolves 902474 - upgrading IPA from 2.2 to 3.0 sees certmonger errors 9.0.3-29 - Resolves 891985 - Increase FreeIPA root CA validity 9.0.3-28 -...