CVE-2024-49369

CVE-2024-49369 affects Icinga2 TLS certificate validation from version 2.4.0, enabling impersonation of trusted cluster nodes or API users using client certificates. Fixed in Icinga 2.14.3, 2.13.10, 2.12.11, and 2.11.12. The connected Nessus/ALPINE entries confirm the vulnerability and the fix ve...

Code injection

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to...

Input validation

The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation...

CVE-2009-0128

plugins/crypto/openssl/cryptoopenssl.c in Simple Linux Utility for Resource Management aka SLURM or slurm-llnl does not properly check the return value from the OpenSSL EVPVerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS...