GHSA-QRQR-3X5J-2XW9 Docker Authentication Bypass

An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root...

UBUNTU-CVE-2020-35733

An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority...

Code injection

Sennheiser HeadSetup 7.3.4903 places Certification Authority CA certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or softwa...

Savitech driver packages for Windows man-in-the-middle attack vulnerability

Savitech driver packages for Windows is a driver package for signal processing chips based on the Windows platform. A security vulnerability exists in the Savitech driver packages for Windows-based platforms that originates when a program installs a self-signed certificate into the Trusted Root...

CVE-2016-0818

The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to...