Lucene search
K

50 matches found

redhat
redhat
added 2026/06/11 1:24 p.m.8 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

5.3CVSS5.5AI score0.00262EPSS
Exploits0References4
nessus
nessus
added 2026/05/04 12:0 a.m.13 views

RHCOS 4 : OpenShift Container Platform 4.14.10 (RHSA-2024:0292)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0292 advisory. - golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-29409 Note that Nessus has not tested for th...

5.3CVSS6.8AI score0.01328EPSS
Exploits0References5
debian
debian
added 2026/03/30 3:20 p.m.23 views

[SECURITY] [DLA 4518-1] phpseclib security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS -...

8.2CVSS5.9AI score0.00376EPSS
Exploits1
cnnvd
cnnvd
added 2026/03/17 12:0 a.m.24 views

GL-iNet Comet 安全漏洞

GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of certificate verification during the initialization process when connecting to the GL-iNet site. This vulnerabili...

6.3CVSS6AI score0.00332EPSS
Exploits0References3
snyk
snyk
added 2026/02/16 5:2 a.m.1 views

Improper Verification of Cryptographic Signature

Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow ...

9.1CVSS5.9AI score0.00225EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/03 12:0 a.m.8 views

ASUSTOR ADM 安全漏洞

ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the API communication component not verifyin...

8.9CVSS5.8AI score0.00204EPSS
Exploits0References1
nessus
nessus
added 2026/01/14 12:0 a.m.5 views

MiracleLinux 4 : tigervnc-1.0.90-0.15.20110314svn4359.AXS4.1 (AXSA:2011-641:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-641:01 advisory. Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is runnin...

5.8CVSS8AI score0.0129EPSS
Exploits0References2
osv
osv
added 2026/01/12 3:56 p.m.5 views

CVE-2025-71063

Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...

8.2CVSS6.8AI score0.00135EPSS
Exploits0References7
nessus
nessus
added 2025/11/20 12:0 a.m.7 views

TencentOS Server 4: libnbd (TSSA-2024:0621)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0621 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.4CVSS7.2AI score0.0039EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-7501

Malware in sbrugna...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References4
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-6651

Malware in sbrugna...

5.4CVSS6.4AI score0.00266EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-13609

Malicious code in bioql PyPI...

6CVSS6.6AI score0.00108EPSS
Exploits0References2
susecve
susecve
added 2025/08/14 2:53 a.m.5 views

SUSE CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

9.8CVSS7.6AI score0.00901EPSS
Exploits5References3
snyk
snyk
added 2025/08/01 11:42 p.m.3 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...

9.8CVSS8.1AI score0.00901EPSS
Exploits5References2
nessus
nessus
added 2025/07/30 12:0 a.m.6 views

Tenable.ad < 3.77.12 Multiple Vulnerabilities (TNS-2025-14)

The version of Tenable.ad installed on the remote host is prior to 3.77.12. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-14 advisory. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcu...

7.5CVSS6.9AI score0.01226EPSS
Exploits5References7
bdu_fstec
bdu_fstec
added 2025/04/24 12:0 a.m.11 views

The vulnerability of the SSH plugin of the JetBrains Toolbox, a set of development tools, allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the SSH plugin in the JetBrains Toolbox suite is related to incorrect verification of the certificate’s authenticity. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...

4.2CVSS5.5AI score0.00176EPSS
Exploits0References2Affected Software1
osv
osv
added 2025/01/09 3:15 p.m.5 views

UBUNTU-CVE-2023-24010

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS5.9AI score0.00332EPSS
Exploits0References3
bdu_fstec
bdu_fstec
added 2024/11/20 12:0 a.m.8 views

The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a attacker to execute a type of “man-in-the-middle” attack.

The vulnerability of the OpenID Connect OIDC implementation in the IT service management tool Ivanti Neurons for ITSM is related to improper verification of certificates. Exploiting this vulnerability could allow a malicious actor to execute a “man-in-the-middle” attack...

8.3CVSS8AI score0.00542EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/08/23 2:26 p.m.7 views

CVE-2024-37311 Collabora Online's remote host TLS certificates are not fully verified

Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is fixed in Collabora...

8.2CVSS6.9AI score0.00229EPSS
Exploits0References3
jvn
jvn
added 2024/04/22 6:27 a.m.3 views

LINE client for iOS vulnerable to improper server certificate verification

Overview The financial module within LINE client for iOS lacks server certificate verification in log transmission CWE-295, CVE-2023-5554. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The communication may be eavesdropped under a...

9.8CVSS6.5AI score0.00217EPSS
Exploits0References5
Rows per page
Query Builder