50 matches found
openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...
RHCOS 4 : OpenShift Container Platform 4.14.10 (RHSA-2024:0292)
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0292 advisory. - golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-29409 Note that Nessus has not tested for th...
[SECURITY] [DLA 4518-1] phpseclib security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-4518-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta March 30, 2026 https://wiki.debian.org/LTS -...
GL-iNet Comet 安全漏洞
GL-iNet Comet is a portable, multi-functional network device developed by GL-iNet Corporation in China. There is a security vulnerability in GL-iNet Comet, which stems from the lack of certificate verification during the initialization process when connecting to the GL-iNet site. This vulnerabili...
Improper Verification of Cryptographic Signature
Overview org.webjars.npm:jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic and the related DSA/X509 verification flow ...
ASUSTOR ADM 安全漏洞
ASUSTOR ADM is a dedicated operating system developed by ASUSTOR Technology ASUSTOR for all ASUSTOR NAS devices. Vulnerabilities exist in versions 4.1.0 to 4.3.3.ROF1, and from version 5.0.0 to 5.1.1.RCI1 of ASUSTOR ADM. These vulnerabilities stem from the API communication component not verifyin...
MiracleLinux 4 : tigervnc-1.0.90-0.15.20110314svn4359.AXS4.1 (AXSA:2011-641:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-641:01 advisory. Virtual Network Computing VNC is a remote display system which allows you to view a computing 'desktop' environment not only on the machine where it is runnin...
CVE-2025-71063
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers...
TencentOS Server 4: libnbd (TSSA-2024:0621)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0621 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2014-7501
Malware in sbrugna...
EUVD-2014-6651
Malware in sbrugna...
EUVD-2025-13609
Malicious code in bioql PyPI...
SUSE CVE-2025-54424
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...
Arbitrary Command Injection
Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to incomplete certificate verification during HTTPS communication between Core and Agent endpoints. An attacker can execute arbitrary commands with high privileges by bypassing authentication and accessin...
Tenable.ad < 3.77.12 Multiple Vulnerabilities (TNS-2025-14)
The version of Tenable.ad installed on the remote host is prior to 3.77.12. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2025-14 advisory. - Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcu...
The vulnerability of the SSH plugin of the JetBrains Toolbox, a set of development tools, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the SSH plugin in the JetBrains Toolbox suite is related to incorrect verification of the certificate’s authenticity. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...
UBUNTU-CVE-2023-24010
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
The vulnerability of the OIDC protocol implementation in the IT service management tool Ivanti Neurons for ITSM allows a attacker to execute a type of “man-in-the-middle” attack.
The vulnerability of the OpenID Connect OIDC implementation in the IT service management tool Ivanti Neurons for ITSM is related to improper verification of certificates. Exploiting this vulnerability could allow a malicious actor to execute a “man-in-the-middle” attack...
CVE-2024-37311 Collabora Online's remote host TLS certificates are not fully verified
Collabora Online is a collaborative online office suite based on LibreOffice. In affected versions of Collabora Online, https connections from coolwsd to other hosts may incompletely verify the remote host's certificate's against the full chain of trust. This vulnerability is fixed in Collabora...
LINE client for iOS vulnerable to improper server certificate verification
Overview The financial module within LINE client for iOS lacks server certificate verification in log transmission CWE-295, CVE-2023-5554. LINE Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact The communication may be eavesdropped under a...