Lucene search

188 matches found

Fedora
added 2026/05/19 4:20 p.m., 14 views

[SECURITY] Fedora 44 Update: python-urllib3-2.7.0-1.fc44

urllib3 is a powerful, user-friendly HTTP client for Python. urllib3 brings many critical features that are missing from the Python standard libraries: • Thread safety. • Connection pooling. • Client-side SSL/TLS verification. • File uploads with multipart encoding...

AI score 5.8 | Exploits 0

CNNVD
added 2026/05/13 12:0 a.m., 4 views

cPanel trust management issue vulnerability

cPanel is a web-based automated hosting platform developed by the cPanel company in the United States. This platform is primarily used for automating the management of websites and servers. cPanel has a vulnerability related to trust management, which stems from the disabled SSL verification in t...

CVSS 8.2 | AI score 5.8 | EPSS 0.00012 | Exploits 0 | References 1

NVD
added 2026/05/11 6:16 p.m., 6 views

CVE-2026-42312

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

CVSS 6.8 | EPSS 0.0002 | Exploits 1 | References 1

OSV
added 2026/05/11 6:16 p.m., 7 views

PYSEC-2026-126

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

CVSS 6.8 | AI score 5.8 | EPSS 0.0002 | Exploits 1 | References 1

Cvelist
added 2026/05/11 4:32 p.m., 31 views

CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

CVSS 6.8 | EPSS 0.0002 | Exploits 1 | References 1

CNNVD
added 2026/04/27 12:0 a.m., 6 views

Apache Storm Prometheus Reporter trust management issue vulnerability

Apache Storm Prometheus Reporter is a monitoring component developed by the Apache Foundation that converts metrics from distributed stream processing systems into Prometheus format. Versions 2.6.3 to 2.8.6 of Apache Storm Prometheus Reporter contain vulnerabilities related to trust management...

CVSS 4.8 | AI score 5.8 | EPSS 0.0013 | Exploits 0 | References 1

OSV
added 2026/04/03 1:27 p.m., 2 views

JLSEC-2026-29

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

CVSS 8.1 | AI score 6.9 | EPSS 0.00193 | Exploits 0 | References 10

RedHat Linux
added 2026/03/26 8:30 p.m., 16 views

Important: Red Hat Security Advisory: Satellite 6.16.7 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 10 | AI score 7.5 | EPSS 0.06568 | Exploits 3 | References 15

RedHat Linux
added 2026/03/26 8:28 p.m., 3 views

foreman-kubevirt: foreman_kubevirt: Man-in-the-Middle due to insecure default SSL verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1 | AI score 7 | EPSS 0.00013 | Exploits 0 | References 4

OpenVAS
added 2026/03/02 12:0 a.m., 4 views

Ubuntu: Security Advisory (USN-8045-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6 | EPSS 0.00179 | Exploits 1 | References 2

NVD
added 2026/02/25 2:16 a.m., 5 views

CVE-2025-67752

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (oeHttp/oeHttpRequest) disables SSL/TLS certificate verification by default (verify: false), making all external HTTPS connections vulnerable ...

CVSS 8.1 | EPSS 0.00009 | Exploits 1 | References 2

CVE
added 2026/02/25 1:9 a.m., 9 views

CVE-2025-67752

OpenEMR prior to version 7.0.4 disables SSL certificate verification in its HTTP client wrapper (oeHttp/oeHttpRequest) by default, setting verify: false. This creates a MITM risk for all HTTPS connections, including communications with government healthcare APIs and other external services, and c...

CVSS 8.1 | AI score 5.5 | EPSS 0.00009 | Exploits 1 | References 2 | Affected Software 1

NVD
added 2026/02/02 6:16 a.m., 5 views

CVE-2026-1531

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1 | EPSS 0.00013 | Exploits 0 | References 5

CVE
added 2026/02/02 5:47 a.m., 15 views

CVE-2026-1531

CVE-2026-1531 affects foreman_kubevirt. When configuring the connection to OpenShift, SSL verification is disabled if a CA certificate is not explicitly provided, creating an insecure default. This enables a potential MITM when traffic between Satellite and OpenShift is intercepted, with possible...

CVSS 8.1 | AI score 5.8 | EPSS 0.00013 | Exploits 0 | References 5

Cvelist
added 2026/02/02 5:47 a.m., 29 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1 | EPSS 0.00013 | Exploits 0 | References 5

Vulnrichment
added 2026/02/02 5:47 a.m., 4 views

CVE-2026-1531 Foreman-kubevirt: foreman_kubevirt: man-in-the-middle due to insecure default ssl verification

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1 | AI score 5.4 | EPSS 0.00013 | Exploits 0 | References 5

EUVD
added 2026/02/02 5:47 a.m., 3 views

EUVD-2026-5117

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1 | AI score 5.4 | EPSS 0.00013 | Exploits 0 | References 2

Tenable Nessus
added 2026/01/30 12:0 a.m., 2 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : wlc vulnerabilities (USN-7981-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7981-1 advisory. It was discovered that wlc did not correctly handle SSL verification. An attacker could possibly use this iss...

CVSS 5.5 | AI score 6 | EPSS 0.00004 | Exploits 0 | References 3

RedhatCVE
added 2026/01/28 1:22 p.m., 5 views

CVE-2026-1531

A flaw was found in foreman_kubevirt. When configuring the connection to OpenShift, the system disables SSL verification if a Certificate Authority (CA) certificate is not explicitly set. This insecure default allows a remote attacker, capable of intercepting network traffic between Satellite and...

CVSS 8.1 | AI score 5.7 | EPSS 0.00013 | Exploits 0 | References 3

Snyk
added 2026/01/28 12:34 p.m., 3 views

Improper Certificate Validation

Overview: foreman_kubevirt is a Provision and manage Kubevirt Virtual Machines from Foreman. Affected versions of this package are vulnerable to Improper Certificate Validation due to the default configuration disabling SSL verification if a CA certificate is not explicitly provided. An attacker ca...

CVSS 8.3 | AI score 5.6 | EPSS 0.00013 | Exploits 0 | References 2