6 matches found
CVE-2024-32928
The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through...
CollectorStealerBuilder Panel 2.0.0 Man-In-The-Middle Vulnerability
The panel for Collector Stealer malware version 2.0.0 suffers from a man-in-the-middle vulnerability. Discovery / credits: Malvuln - malvuln.com (c) 2022. Original source: https://malvuln.com/advisory/54530f88c8e4f4371c9418f00c256b1dB.txt Media: twitter.com/malvuln Threat:...
CVE-2013-6422
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM)...
Debian DSA-2798-1 : curl - unchecked ssl certificate host name
Scott Cantor discovered that curl, a file retrieval tool, would disable the CURLOPT_SSL_VERIFYHOST check when the CURLOPT_SSL_VERIFYPEER setting was disabled. This would also disable ssl certificate host name checks when it should have only disabled verification of the certificate trust chain. The...
CVE-2006-4499
CVE-2006-4499 affects ModernBill 5.0.4 and earlier. The root cause is insecure cURL SSL settings (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST) that do not verify certificates, allowing remote attackers to read network traffic via a MITM. The connected documents confirm the MITM risk and tra...