9 matches found
Design/Logic Flaw
e2guardian v5.4.x = v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode i.e., acting as a proxy or a transparent proxy, with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...
CVE-2021-44273
e2guardian v5.4.x = v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode i.e., acting as a proxy or a transparent proxy, with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...
CVE-2021-44273
e2guardian v5.4.x = v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode i.e., acting as a proxy or a transparent proxy, with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers...
Razer US: Razer Synapse 3 Chromasdk.io Root CA with Private Key Re-use
The researcher found that a root certificate was preinstalled with the Chroma SDK with a exposed private key. He assisted us in testing a fix. This was integrated into the codebase in May and published at the end of June. We appreciate his assistance working with us on this issue. Razer Synapse 3...
CA Tied to Chinese Registrar Issued Unauthorized Google Certificates
Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for...
Updated KDE 4 and related packages move to KDE 4.12.5
This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw CVE-2014-3494 - mga13545 - KAuth PID Reuse...
Puppet Enterprise < 3.0.1 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise install on the remote host is a version prior to 3.0.1. As a result, it reportedly has multiple vulnerabilities: - An error exists related to the included Ruby SSL client that could allow man-in-the-middle attacks. CVE-2013-4073...
[Vega v1.0] Web Application Security Scanner
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting XSS, inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux , OS X , and Window...
SSL MITM Vulnerability
Exploit for unknown platform in category remote exploits ====================== SSL MITM Vulnerability ====================== Title: SSL MITM Vulnerability CVE-ID: OSVDB-ID: Author: Pavel Kankovsky Published: 2009-11-09 Verified: yes view source print? include include include include include...