14 matches found
Improper Authentication And Authorization
kubevirt.io/kubevirt is vulnerable to improper authentication and authorization. The vulnerability is due to improper validation of the Common Name CN field in client TLS certificates during mTLS authentication, which allows an attacker to bypass RBAC controls by impersonating the Kubernetes API...
EUVD-2008-6976
Malware in sbrugna...
Command injection
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request CSR action...
Man-in-the-middle Attack
Git is vulnerable to man-in-the-middle attack. The SSL X.509 v3 certificate validation on the IMAP server's certificate does not check that the server's hostname matched the one provided in the CN field of the server's certificate...
CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix
It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...
CVE-2014-0139
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name CN field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certifica...
CVE-2009-2825
Certificate Assistant in Apple Mac OS X before 10.6.2 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a...
CVE-2009-3767
libraries/libldap/tlso.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers vi...
CVE-2009-3765
CVE-2009-3765 affects mutt (versions 1.5.19/1.5.20) when built with OpenSSL: it mishandles a '\0' in the domain name of the X.509 certificate’s CN, enabling MITM spoofing of SSL servers via certificates from a legitimate CA. The vulnerability is described as related to CVE-2009-2408. The provided...
libneon certificate spoofing
Invalid NULL character processing in CN field...
CVE-2009-2474
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...
Cross site scripting
Cross-site scripting XSS vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN CommonName field in the subject of an X.509 certificate...
Ruby Net::HTTPS library certificates validation cryptographic vulnerability
Certificate's CN field is not validated against DNS name, making it's possible to use valid certificate with wrong CN...
w3m browser format string vulnerability
Format string culnerability on certificate CN field...