GHSA-QWFW-GGXW-577C ex_webrtc client-role handshake is missing DTLS peer fingerprint validation

Summary Missing DTLS peer certificate fingerprint validation in the DTLS client active role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with...

Kubevirt 授权问题漏洞

Kubevirt is an open source virtual machine manager from KubeVirt. An authorization issue vulnerability exists in Kubevirt versions prior to 1.5.3 and prior to 1.6.1, which stems from a flaw in the peer validation logic in virt-handler, which could allow an attacker to impersonate the virt-api and...

Design/Logic Flaw

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable...