Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.16 views

CVE-2022-31183

fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...

9.8CVSS6.7AI score0.00629EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2023/01/19 5:51 p.m.28 views

jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5CVSS3.9AI score0.006EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/07/29 10:24 p.m.2 views

GHSA-2CPX-6PQP-WF35 fs2-io skips mTLS client verification

Impact When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely...

9.8CVSS5.9AI score0.00629EPSS
Exploits1References7
securityvulns
securityvulns
added 2014/07/21 12:0 a.m.52 views

[USN-2292-1] LWP::Protocol::https vulnerability

========================================================================== Ubuntu Security Notice USN-2292-1 July 17, 2014 liblwp-protocol-https-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...

0.6AI score0.01602EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2014/07/18 12:0 a.m.20 views

Ubuntu 14.04 LTS : LWP::Protocol::https vulnerability (USN-2292-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-2292-1 advisory. It was discovered that the LWP::Protocol::https perl module incorrectly disabled peer certificate verification completely when only hostname verification was...

5.9CVSS6AI score0.01602EPSS
Exploits1References2
RubySec
RubySec
added 2009/12/07 12:0 a.m.21 views

jruby-openssl Gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

7.5CVSS3.9AI score0.006EPSS
Exploits0References1Affected Software1
curl security advisories
curl security advisories
added 2007/07/10 8:0 a.m.6 views

GnuTLS insufficient cert verification

libcurl when built to use GnuTLS fails to verify that a peer's certificate has not already expired or has not yet become valid. This allows malicious servers to present certificates to libcurl that were not rejected properly. Notably, the CA certificate and common name checks are still in place...

7.5CVSS5.2AI score0.02297EPSS
Exploits0Affected Software2
Rows per page
Query Builder