13 matches found
CVE-2024-39689
A flaw was found in Certifi, a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certain versions of Certifi recognized root certificates from 'GLOBALTRUST'. However, pursuant to an investigation that identifi...
CVE-2023-38699 MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with verify=False disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version...
Integer overflow
Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as we...
HashiCorp Vault Trust Management Issue Vulnerability
HashiCorp Vault is a private key access management tool from HashiCorp (USA). A security vulnerability exists in HashiCorp Vault versions 1.5.1 and later that stems from an inability to validate TLS certificates...
evolution security and bug fix update
evolution 3.28.5-9 - Add patch for RH bug 1724984 ECompEditor Ensure attendee changes stored before save; 3.28.5-8 - Add patch for RH bug 1724659 Make sure intltool-merge cache is created only once; 3.28.5-7 - Add patch for RH bug 1724232 Help Contents F1 has a bad link to GNOME site...
Azure IoT SDK Spoofing Vulnerability
A spoofing vulnerability exists for the C and Java SDKs in the Azure IoT Device Provisioning AMQP Transport library which improperly validates certificates over the AMQP protocol. The same vulnerability exists for the C SDK in the Azure IoT Device library running on Windows devices. An attacker w...
CVE-2018-0786
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."...
Flash Seats Mobile App for Android and iOS fails to validate SSL certificates
Overview: Flash Seats Mobile App for Android, version 1.7.9 and earlier, and for iOS, version 1.9.51 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description: CWE-295: Improper...
OpenSSL multiple security vulnerabilities
DoS, incorrect fingerprint handling, insufficient certificate validation, downgrade attacks, authentication bypass...
CVE-2014-3404
Cisco IOS XE's Autonomic Networking Infrastructure (ANI) has a certificate validation vulnerability (CVE-2014-3404) due to incomplete certificate validation in the ANI component. A remote attacker could send crafted messages to the ANI device and cause acceptance of an invalid message. The Cisco ...
Google Fixes 28 Security Flaws in Chrome 33
Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. One of the...
Multiple browsers certificates validation weakness
Wildmasks in certificates issued to IP address are enabled...
Security fix for the ALT Linux 5 package fetchmail version 6.3.13-alt1
Jan. 1, 2010 Afanasov Dmitry 6.3.13-alt1 - 6.3.13 + new "softbounce" global option; + CVE-2009-2666: improper SSL/TLS X.509 certificates validation fixed in 6.3.11; + translation updates; see NEWS for details...