Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.10 views

CVE-2026-42790

A flaw was found in Erlang OTP publickey. This improper certificate validation vulnerability allows a subordinate Certificate Authority CA with restricted DNS nameConstraints to bypass these restrictions. By issuing a leaf certificate that lacks a Subject Alternative Name SAN but contains a craft...

8.1CVSS5.8AI score0.00338EPSS
Exploits0References10
OSV
OSV
added 2026/05/06 8:16 p.m.7 views

GHSA-PGH9-MPWC-8JJF Harvester's SUSE Virtualization Registration Client Vulnerable to MITM and DOS

Impact A vulnerability has been identified in the SUSE Virtualization Harvester Rancher integration mechanism where by default the registration client uses an insecure TLS option that fails to verify the remote server’s certificate. This security gap could allow the execution of a man-in-the-midd...

8.6CVSS6AI score0.00208EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/15 11:39 a.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority. Note: This is only exploitable if the attacker...

7.6CVSS6.5AI score0.0016EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2021/01/13 12:0 a.m.36 views

go -- cmd/go: packages using cgo can cause arbitrary code execution at build time; crypto/elliptic: incorrect operations on the P-224 curve

The Go project reports: The go command may execute arbitrary code at build time when cgo is in use on Windows. This may occur when running "go get", or any other command that builds code. Only users who build untrusted code and don't execute it are affected. In addition to Windows users, this can...

8.1AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/09/15 6:29 p.m.18 views

CVE-2017-2299

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the sslca parameter but do not specify the sslcertsdir parameter, a default will be provided for the sslcertsdir that will trust certificates from any of the...

7.5CVSS7AI score0.00848EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/09/15 6:0 p.m.15 views

CVE-2017-2299

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the sslca parameter but do not specify the sslcertsdir parameter, a default will be provided for the sslcertsdir that will trust certificates from any of the...

7.5CVSS7.5AI score0.00848EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2017/09/14 9:18 a.m.17 views

CVE-2017-2299

Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the sslca parameter but do not specify the sslcertsdir parameter, a default will be provided for the sslcertsdir that will trust certificates from any of the...

7.5CVSS3.9AI score0.00848EPSS
Exploits0References2
Rows per page
Query Builder