36 matches found
Palo Alto Networks GlobalProtect app 信任管理问题漏洞
The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app has a trust management vulnerability caused by improper certificate verification. This vulnerability allows attackers to intercept encrypted communications and...
Security Bulletin:Requests SSL Verification Issue Fixed in 2.32.0
Summary Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value ...
MiracleLinux 7 : rh-nodejs14-nodejs-14.20.1-2.el7 (AXSA:2022-3900:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3900:01 advisory. nodejs: Improper handling of URI Subject Alternative Names CVE-2021-44531 nodejs: Certificate Verification Bypass via String Injection CVE-2021-4453...
EUVD-2021-26783
Malware in sbrugna...
EUVD-2014-7451
Malware in sbrugna...
EUVD-2014-6835
Malware in sbrugna...
EUVD-2014-6583
Malware in sbrugna...
EUVD-2014-5793
Malware in sbrugna...
EUVD-2014-5831
Malware in sbrugna...
EUVD-2014-5865
Malware in sbrugna...
EUVD-2014-5554
Malware in sbrugna...
EUVD-2015-0247
Malware in sbrugna...
EUVD-2025-12660
Malicious code in bioql PyPI...
EUVD-2024-25842
Malicious code in bioql PyPI...
EUVD-2024-36569
Malicious code in bioql PyPI...
CVE-2025-54424
1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...
CVE-2021-34433
In Eclipse Californium version 2.0.0 to 2.6.4 and 3.0.0-M1 to 3.0.0-M3, the certificate based x509 and RPK DTLS handshakes accidentally succeeds without verifying the server side's signature on the client side, if that signature is not included in the server's ServerKeyExchange...
CVE-2011-5242
tmhOAuth before 0.61 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Alibaba Cloud Linux 3 : 0205: container-tools:rhel8 (ALINUX3-SA-2024:0205)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0205 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2024-24783: Verifying a certificate...
Amazon Linux 2 : python3-requests (ALAS-2025-2846)
The version of python3-requests installed on the remote host is prior to 2.14.2-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2846 advisory. Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is mad...