GHSA-PGH9-MPWC-8JJF Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

Impact A vulnerability has been identified in the SUSE Virtualization Harvester Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-midd...

CVE-2022-40620

FunJSQ, a third-party module integrated on some NETGEAR routers and Orbi WiFi Systems, does not properly validate TLS certificates when downloading update packages through its auto-update mechanism. An attacker suitably positioned on the network could intercept the update request and deliver a...

Insecure Certificate Validation

aws/aws-iot-device-sdk-js-v2 is vulnerable to Insecure Certificate Validation. Attackers are able to compromise certificate authorities in their trust stores on Linux/Unix, by spoofing DNS records to bypass CA pinning...

Insecure Certificate Validation

globalpayments/php-sdk is vulnerable to insecure certificate validation. The vulnerability exists in the sendRequest function in Gateway.php as it does not properly enforce the SSL certificate validations...

Information disclosure

The United Heritage Mobile aka FiMobile.UHCU application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...