8 matches found
Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM includes components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM has addressed the vulnerabilities. This product is only used by IBM QRadar SIEM app developers and external business partners and is not relevant for users o...
Siemens SICAM TOOLBOX II 信任管理问题漏洞
Siemens SICAM TOOLBOX II is an engineering software from Siemens, Germany. A trust management issue vulnerability exists in Siemens SICAM TOOLBOX II that stems from a common name not being checked for device certificates, which could be exploited by an attacker to cause a man-in-the-middle attack...
SUSE CVE-2011-4318
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name CN of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers...
UBUNTU-CVE-2016-7099
The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 does not properly handle wildcards in name fields of X.509 certificates, which allows man-in-the-middle attackers to spoof servers via a crafted certificate...
FreeBSD : cURL library -- cert name check ignore with GnuTLS (4e1f4abc-6837-11e3-9cda-3c970e169bc2)
cURL project reports : libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and...
cert name check ignore with GnuTLS
This issue is almost identical to the one named CVE-2013-4545, but this problem affects a different SSL backend. libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate a...
CURL-CVE-2013-6422 cert name check ignore with GnuTLS
This issue is almost identical to the one named CVE-2013-4545, but this problem affects a different SSL backend. libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate a...
CURL-CVE-2013-4545 cert name check ignore OpenSSL
libcurl is vulnerable to a case of missing out the checking of the certificate CN or SAN name field when the digital signature verification is turned off. libcurl offers two separate and independent options for verifying a server's TLS certificate. CURLOPTSSLVERIFYPEER and CURLOPTSSLVERIFYHOST. T...