EUVD-2021-1985

Malware in sbrugna...

podman -- TLS connection used to pull VM images was not validated

RedHat, Inc. reports: A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack...

CVE-2024-28162

In Jenkins Delphix Plugin 3.0.1 through 3.1.0 both inclusive a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation...

Important: Red Hat Security Advisory: ACS 4.6 enhancement and security update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes RHACS. The updated image includes security and bug fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which giv...

OpenJDK: certificate validation issue in TLS session negotiation (8298310)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit...

CVE-2020-16163

An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent...