956 matches found

CNVD
added 2023/03/16 12:00 a.m., 16 views

Siemens Mendix SAML Module Certification Bypass Vulnerability (CNVD-2023-17659)

The Mendix SAML Module allows the use of SAML to authenticate users in cloud applications. The module can communicate with any identity provider that supports SAML 2.0 or Shibboleth. An authentication bypass vulnerability exists in Siemens Mendix SAML Module, which stems from inadequate validatio...

CVSS 9.1, AI score 3.3, EPSS 0.00581
Exploits 0, References 1
The Coalfire Blog
added 2023/03/10 9:12 p.m., 10 views

FAQ: Transitioning to the highly anticipated new revision of ISO 27001

For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...

AI score 1.2
Exploits 0
Imperva Blog
added 2023/03/08 11:35 p.m., 18 views

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official: Imperva has joined the EnterpriseDB (EDB) GlobalConnect Technology Partner Program. While Imperva has long supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric (DSF) agents a...

AI score 1.1
Exploits 0
OpenVAS
added 2023/03/06 12:00 a.m., 25 views

Check MK < 2.0.0p34, 2.1.x < 2.1.0p24 Certification Validation Vulnerability

Check MK is prone to a certificate validation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:checkmk:checkmk"; ...

CVSS 7.5, AI score 6.6, EPSS 0.00535
Exploits 0, References 1
Oracle linux
added 2023/02/22 12:00 a.m., 47 views

kernel security and bug fix update

4.18.0-425.13.17.OL8
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmodsigningkey.pem) (Orabug: 29539237)
- Update x509.genkey (Orabug: 24817676)
- Conflict with shim-ia32 and...

CVSS 7.5, AI score 7.8, EPSS 0.21314
Exploits 1
F5 Networks
added 2023/02/21 7:58 p.m., 22 views

K15151: pyOpenSSL vulnerability CVE-2013-4314

Security Advisory Description: The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

CVSS 4.3, AI score 8.8, EPSS 0.01197
Exploits 0
F5 Networks
added 2023/02/21 7:51 p.m., 47 views

K16937: OpenSSL vulnerability CVE-2015-1793

Security Advisory Description: The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints CA values during identification of alternative certificate chains, which allows remote attackers to spoof ...

CVSS 6.5, AI score 6.5, EPSS 0.61798
Exploits 6
F5 Networks
added 2023/02/21 4:17 p.m., 52 views

K15638: Python vulnerability CVE-2013-4238

Security Advisory Description: The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL server...

CVSS 4.3, AI score 7.8, EPSS 0.05347
Exploits 1
SUSE CVE
added 2023/02/15 3:54 a.m., 1 view

SUSE CVE-2020-24979

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 6.9
Exploits 0, References 3
Ivanti
added 2023/02/14 7:22 a.m., 5 views

JSA10463 - OpenLDAP doesn't properly handle character in subject Common Name (CVE-2009-3767)

Ivanti, 4 March 2024: This isn't an active SA, and any new edits are part of an article maintenance project. A TLS library in OpenLDAP, when OpenSSL is used, does not properly handle a '\0' (NULL) character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which...

CVSS 4.3, AI score 6.5, EPSS 0.03094
Exploits 1
Veracode
added 2023/02/12 4:41 a.m., 22 views

Improper Certificate Validation

lemonldap-ng is vulnerable to Improper Certificate Validation. By default, the X.509 certificate is not validated when connecting to remote LDAP backends, which allows an attacker to bypass certificate validation...

CVSS 7.5, AI score 7.6, EPSS 0.00539
Exploits 1, References 4, Affected Software 1
ATTACKERKB
added 2023/01/27 6:15 p.m., 2 views

CVE-2022-46237

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

AI score 5.8
Exploits 0, References 1
ATTACKERKB
added 2023/01/27 6:15 p.m., 6 views

CVE-2022-46229

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

AI score 5.8
Exploits 0, References 1
ATTACKERKB
added 2023/01/27 6:15 p.m., 2 views

CVE-2022-46195

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

AI score 5.8
Exploits 0, References 1
Tenable Nessus
added 2023/01/24 12:00 a.m., 18 views

RHEL 8 : sssd (RHSA-2023:0442)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0442 advisory. The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It...

CVSS 8.8, AI score 6.8, EPSS 0.0095
Exploits 1, References 4
The Coalfire Blog
added 2022/12/19 8:54 p.m., 12 views

FedRAMP just got better – and is here to stay

Today, President Biden signed the National Defense Authorization Act (NDAA), taking a giant step forward in securing the federal government's cloud-first mission. The FedRAMP® (Federal Risk and Authorization Management Program) Authorization Act, outlined in section 5921 of the NDAA, formalizes the...

AI score 3.4
Exploits 0
ATTACKERKB
added 2022/12/15 7:15 p.m., 7 views

CVE-2022-39919

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

AI score 5.8
Exploits 0, References 1
Veracode
added 2022/12/08 1:48 p.m., 37 views

Improper Certification Validation

certifi is vulnerable to improper certificate validation. The vulnerability exists due to a root certificate from an untrustworthy certificate authority (TrustCor), which is now marked as invalid...

CVSS 7.5, AI score 7.5, EPSS 0.00535
Exploits 0, References 4, Affected Software 1
Qualys Blog
added 2022/11/22 10:00 a.m., 19 views

Ease Your Cybersecurity Maturity Model Certification Journey With Qualys

The Cybersecurity Maturity Model Certification (CMMC) is a cybersecurity training, certification, and assessment program from the United States Department of Defense (DoD). CMMC is designed to provide increased assurance to the DoD that a contractor can adequately protect controlled unclassified...

AI score 0.2
Exploits 0
Cvelist
added 2022/11/21 12:00 a.m., 17 views

CVE-2022-45146

An issue was discovered in the FIPS Java API of Bouncy Castle (BC-FJA) before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

AI score 5.9, EPSS 0.00434
Exploits 1, References 3