27 matches found

RedhatCVE
added 2026/06/05 7:20 p.m. | 8 views

CVE-2026-32324

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...

CVSS 7.7 | AI score 5.4 | EPSS 0.00087
Exploits: 0 | References: 1
NCSC
added 2026/05/30 10:52 a.m. | 15 views

Vulnerability handling in Palo Alto Networks PAN-OS and Prisma Access

Palo Alto Networks has identified a vulnerability in the PAN-OS’ GlobalProtect portal and gateway components. An unauthorized malicious actor can exploit this vulnerability to establish a VPN connection. As a result, the malicious actor gains access to internal systems that are accessible via the...

CVSS 9.1 | AI score 6.1 | EPSS 0.86678
Exploits: 9 | References: 2
NVD
added 2026/05/13 4:17 p.m. | 14 views

CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | EPSS 0.0011
Exploits: 0 | References: 1
OSV
added 2026/05/13 4:17 p.m. | 4 views

DEBIAN-CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1
CVE
added 2026/05/13 2:55 p.m. | 17 views

CVE-2026-8367

aria2c is affected by an improper certificate validation issue where it accepts a server certificate with an incorrect Extended Key Usage (EKU). If an attacker obtains a certificate (with its private key) intended for a different purpose, they may reuse it to perform TLS server authentication aga...

CVSS 4.8 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/13 12:0 a.m. | 13 views

PT-2026-40700

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 2
CNNVD
added 2026/05/13 12:0 a.m. | 8 views

aria2c trust management vulnerability

aria2c is a lightweight multi-protocol command-line download tool developed by aria2. Aria2c has a trust management vulnerability that stems from accepting server certificates with incorrect extension key purposes. This vulnerability could allow attackers to reuse certificates issued for differen...

CVSS 4.8 | AI score 5.8 | EPSS 0.0011
Exploits: 0 | References: 1
Tenable Nessus
added 2026/05/02 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-1858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private...

CVSS 4.8 | AI score 5.8 | EPSS 0.00155
Exploits: 1 | References: 3
NVD
added 2026/04/29 9:16 p.m. | 8 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | EPSS 0.00155
Exploits: 1 | References: 1
OSV
added 2026/04/29 9:16 p.m. | 7 views

DEBIAN-CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | AI score 5.3 | EPSS 0.00155
Exploits: 1 | References: 1
EUVD
added 2026/04/29 8:15 p.m. | 7 views

EUVD-2026-26285

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | AI score 5.2 | EPSS 0.00155
Exploits: 1 | References: 1
Cvelist
added 2026/04/29 8:15 p.m. | 31 views

CVE-2026-1858 wget2 Improper Certificate Validation

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | EPSS 0.00155
Exploits: 1 | References: 1
Debian CVE
added 2026/04/29 8:15 p.m. | 4 views

CVE-2026-1858

wget2 accepts a server certificate with incorrect Key Usage KU or Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

CVSS 4.8 | AI score 5.3 | EPSS 0.00155
Exploits: 1
CNNVD
added 2026/04/29 12:0 a.m. | 8 views

wget2 input validation error vulnerability

wget2 is a network file retrieval tool from the American GNU community that supports high-performance concurrent downloads and modern protocol features. wget2 has a vulnerability related to input validation. This vulnerability arises from accepting server certificates with incorrect key purposes ...

CVSS 4.8 | AI score 5.8 | EPSS 0.00155
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/17 7:22 p.m. | 2 views

CVE-2026-32324

Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale...

CVSS 7.7 | AI score 5.8 | EPSS 0.00087
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2016-8013

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.08404
Exploits: 0 | References: 19
OSV
added 2023/04/11 10:15 a.m. | 5 views

CVE-2023-23588

A vulnerability has been identified in SIMATIC IPC1047 All versions, SIMATIC IPC1047E All versions with maxView Storage Manager 4.09.00.25611 on Windows, SIMATIC IPC647D All versions, SIMATIC IPC647E All versions with maxView Storage Manager 4.09.00.25611 on Windows, SIMATIC IPC847D All versions,...

CVSS 6.3 | AI score 6.5 | EPSS 0.00092
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 4:58 a.m. | 4 views

SUSE CVE-2016-7141

curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has...

CVSS 7.5 | AI score 9.7 | EPSS 0.08404
Exploits: 0 | References: 26
RedHat Linux
added 2016/11/03 8:6 a.m. | 5 views

curl: Re-using connection with wrong client cert

It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate...

CVSS 7.5 | AI score 7.2 | EPSS 0.14596
Exploits: 0 | References: 5
OSV
added 2016/10/04 11:46 a.m. | 6 views

SUSE-SU-2016:2449-1 Security update for curl

This update for curl fixes the following issues: - CVE-2016-5419: TLS session resumption client cert bypass bsc991389 - CVE-2016-5420: Re-using connections with wrong client cert bsc991390 - CVE-2016-7141: Fixed incorrect reuse of client certificates bsc997420...

CVSS 7.5 | AI score 7.7 | EPSS 0.15063
Exploits: 0 | References: 7