UBUNTU-CVE-2025-14575

An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...

GHSA-M9GH-789G-Q5PV Elasticsearch PKI Realm Authentication Bypass Vulnerability Allows User Impersonation Through Crafted Client Certificates

Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority...

EUVD-2022-41706

Malicious code in bioql PyPI...

Update NetScaler Console certificate

NetScaler Console allows you to replace the default inbuilt database certificates with your own certificates from a trusted certificate authority. You can also configure your own cipher suites in the NetScaler Console database. This feature provides greater flexibility and security for your...

IBM WebSphere Application Server 8.5.x < 8.5.5.27 / 9.x < 9.0.5.21 Information Disclosure (7165511)

The version of IBM WebSphere Application Server running on the remote host is affected by an information disclosure vulnerability as referenced in the 7165511 advisory. - IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. A...

CVE-2023-50314

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713...

CVE-2023-50314 IBM WebSphere Application Server Libery information disclosure

IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.8 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274713...

CVE-2023-50314

CVE-2023-50314 impacts IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.8. The IBM bulletin notes an attacker with network access could perform spoofing and obtain sensitive information by exploiting improper certificate validation using a certificate from a trusted CA. A...

CVE-2023-50315

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714...

CVE-2023-50315 IBM WebSphere Application Server information disclosure

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714...

CVE-2023-50315

CVE-2023-50315 affects IBM WebSphere Application Server 8.5 and 9.0. The provided documents describe an information disclosure risk via spoofing attacks where an attacker with network access could leverage a certificate from a trusted authority to obtain sensitive data. The issue is tied to impro...

Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to information disclosure (CVE-2023-50314)

Summary IBM WebSphere Application Server Liberty is vulnerable to information disclosure. Vulnerability Details CVEID:CVE-2023-50314 DESCRIPTION: IBM WebSphere Application Server Liberty could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this...

IBM WebSphere Application Server 8.5.0.0 < 8.5.5.24, 9.0.0.0 < 9.0.5.16 MitM (6987779)

The IBM WebSphere Application Server running on the remote host is affected by a man-in-the-middle vulnerability. IBM WebSphere Application Server 8.5 and 9.0, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to...

BlackHat issues resolved: Windows programs digital signature verification“vulnerability”-vulnerability warning-the black bar safety net

In this year's black hat conference, foreign a security researcher shows how by the Windows digital signature bypass for malicious code detection. Download the General Assembly of the presentation of the ppt probably looked at it, the report is divided into two parts, the first part shows the...

USN-2945-1 xchat-gnome vulnerability

It was discovered that XChat-GNOME incorrectly verified the hostname in an SSL certificate. An attacker could trick XChat-GNOME into trusting a rogue server's certificate, which was signed by a trusted certificate authority, to perform a machine-in-the-middle attack...

PHP 5.4.x < 5.4.23 OpenSSL openssl_x509_parse() Memory Corruption

According to its banner, the version of PHP 5.4.x installed on the remote host is a version prior to 5.4.23. It is, therefore, potentially affected by a memory corruption flaw in the way the opensslx509parse function of the PHP OpenSSL extension parsed X.509 certificates. A remote attacker could...

Critical: Red Hat Security Advisory: php security update

Updated php packages that fix one security issue are now available for Red Hat Enterprise Linux 3 and 4 Extended Life Cycle Support. The Red Hat Security Response Team has rated this update as having critical security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

Updated ruby packages fix CVE-2013-4073

A vulnerability in Ruby's SSL client that could allow man-in-the-middle attackers to spoof SSL servers via valid certificate issued by a trusted certification authority CVE-2013-4073...