PT-2025-20320 · Crates.Io · Mithril-Client
Impact: Mithril certification of Cardano database. The Mithril network provides certification for snapshots of the Cardano database, enabling users to quickly bootstrap a Cardano node without relying on the slower peer-to-peer synchronization process. To generate a multi-signature, a minimum...
Cert-SSB: toward Certified Sample-Specific Backdoor Defense
Deep neural networks (DNNs) are vulnerable to backdoor attacks, where an attacker manipulates a small portion of the training data to implant hidden backdoors into the model. The compromised model behaves normally on clean samples but misclassifies backdoored samples into the attacker-specified...
Fedora 41 : rpki-client (2025-17fed14cc3)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-17fed14cc3 advisory. rpki-client 9.5 - rpki-client now includes arin.tal which is no longer legally encumbered. See https://www.arin.net/announcements/20250116-tal/ - rpki-client...
Fedora 40 : rpki-client (2025-d5fdbedb7f)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-d5fdbedb7f advisory. rpki-client 9.5 - rpki-client now includes arin.tal which is no longer legally encumbered. See https://www.arin.net/announcements/20250116-tal/ - rpki-client...
Huawei EulerOS: Security Advisory for libtasn1 (EulerOS-SA-2025-1363)
The remote host is missing an update for the Huawei EulerOS...
CVE-2024-10445
Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to write limited files via...
How I became a Cyber Essentials Plus assessor
TL;DR: What is Cyber Essentials and why does it matter?; The role of Cyber Essentials (CE) and Cyber Essentials Plus (CE+) assessors in protecting UK businesses; The difference between a CE and CE+ assessor; Becoming a CE assessor; Becoming a CE+ assessor; Challenges I faced and tips for success. Introducti...
Linux Distros Unpatched Vulnerability : CVE-2023-0466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the...
Linux Distros Unpatched Vulnerability : CVE-2018-10863
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory,...
Linux Distros Unpatched Vulnerability : CVE-2019-3897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat...
Linux Distros Unpatched Vulnerability : CVE-2014-0139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Na...
INE Security Alert: Expediting CMMC 2.0 Compliance
Cary, North Carolina, 26th January 2025, CyberNewsWire...
CVE-2025-20126
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate...
PT-2025-2327 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue is related to a rejected CVE record due to non-compliance with CNA rules, as it has not been used. No further details are provided abo...
PT-2025-2333 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue is related to a rejected CVE record due to non-compliance with CNA rules, as it has not been used. No further details are provided abo...
Amazon Linux 2 : python-pip (ALAS-2024-2715)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2715 advisory. Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the sa...
Medium: python3.11-pip
Issue Overview: Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made with verify=False to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to th...
CVE-2024-5921
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...
CVE-2024-5921
CVE-2024-5921 : Palo Alto Networks GlobalProtect app suffers from insufficient certificate validation, allowing the client to connect to arbitrary servers. This can enable a local non-admin user or an attacker on the same subnet to install malicious root certificates and subsequently execute malw...
GHSA-R4PG-VG54-WXX4 vulnerabilities
Vulnerabilities for packages: cert-manager-istio-csr, cert-manager, step-issuer, cert-manager-cmctl, cert-exporter-fips, cert-exporter, aws-privateca-issuer, cert-manager-cmctl-fips, cert-manager-webhook-pdns-fips, cert-manager-fips, cert-manager-webhook-pdns, aws-privateca-issuer-fips,...