9 matches found
EUVD-2021-1641
Malware in sbrugna...
Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680624)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680624 advisory. The X509VFLAGX509STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL...
kernel: net/sched: ets: use old 'nbands' while purging unused classes
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported schets test-case 1 crashing in etsclassqlennotify after recent changes from Lion 2. The problem is: in etsqdiscchange we purge unused DWRR queues; the...
Cross-Site Request Forgery (CSRF) in star7th/showdoc
Description You set the strict flag only for one of your cookies named cookietoken but in Team management attacker still can delete or add teams with CSRF vulnerability as the cookie with name PHPSESSID don't have strict flag. Proof of Concept 1.replace 38046 with the team id 2.open poc.html and...
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is t...
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is t...
openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT
A flaw was found in openssl. The flag that enables additional security checks of certificates present in a certificate chain was not enabled allowing a confirmation step to verify that certificates in the chain are valid CA certificates is bypassed. The highest threat from this vulnerability is t...
The vulnerability of the X509_V_FLAG_X509_STRICT configuration implementation in the OpenSSL library allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the X509VFLAGX509STRICT configuration in the OpenSSL library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
MGASA-2021-0176 Updated openssl packages fix security vulnerability
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signaturealgorithms extension where it was present in the initial ClientHello, but includes a signaturealgorithmscert extension then a NU...