49 matches found
JLSEC-2026-390
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...
EUVD-2026-19696
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5379 runZero Platform MCP certification information leak
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
CVE-2026-5379 runZero Platform MCP certification information leak
An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...
MiracleLinux 7 : gnutls-3.3.26-9.el7 (AXSA:2017-2203:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2203:01 advisory. GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language...
Siemens RUGGEDCOM ROX, SIMATIC S7-1500 Uncontrolled Resource Consumption (CVE-2022-27781)
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. Th...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...
Missing Authentication
Overview Affected versions of this package are vulnerable to Missing Authentication in the xDS interface. An attacker can access sensitive configuration data, including certificate information, backend service details, routing rules, and cluster metadata, by connecting to the exposed port without...
EUVD-2020-7655
Malware in sbrugna...
EUVD-2017-14144
Malware in sbrugna...
EUVD-2017-14439
Malware in sbrugna...
EUVD-2023-55605
Malicious code in bioql PyPI...
CVE-2020-15668
A lock was missing when accessing a data structure and importing certificate information into the trust database. This vulnerability affects Firefox 80 and Firefox for Android 80...
CVE-2025-32016 Microsoft Identity Web Exposes Client Secrets and Certificate Information in Service Logs
Microsoft Identity Web is a library which contains a set of reusable classes used in conjunction with ASP.NET Core for integrating with the Microsoft identity platform formerly Azure AD v2.0 endpoint and AAD B2C. This vulnerability affects confidential client applications, including daemons, web...
SUSE CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
K31336596: GnuTLS vulnerability CVE-2017-5334
Security Advisory Description Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information...
SUSE CVE-2017-5035
Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race condition, which could cause Chrome to display incorrect certificate information for a site...
SUSE CVE-2017-5334
Double free vulnerability in the gnutlsx509extimportproxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension...
curl: CERTINFO never-ending busy-loop
A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services NSS get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting system availabili...
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
...