4 matches found
GHSA-XM5M-WGH2-RRG3 Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...
3x-ui 安全漏洞
3x-ui is a software by Sanaei Personal Developers. A security vulnerability exists in versions prior to 3x-ui v.2.5.3, which stems from a failure to check the certificate option in the administration script x-ui, which could lead to the execution of arbitrary code...
CVE-2022-27781
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...