
9 matches found

OSV
added 2024/10/18 9:15 a.m., 1 view

CVE-2023-49570

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant ...

CVSS 7.4, AI score 5.7, EPSS 0.00222
Exploits: 0, References: 1
Vulnrichment
added 2024/10/18 8:7 a.m., 18 views

CVE-2023-49570 Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210)

A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant ...

CVSS 8.6, AI score 6.9, EPSS 0.00222
Exploits: 0, References: 1
OSV
added 2024/09/05 7:15 p.m., 14 views

CVE-2024-45159

An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in the keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result would...

CVSS 9.8, AI score 6.9
Exploits: 0, References: 3
CVE
added 2023/05/26 12:0 a.m., 158 views

CVE-2023-1664

Keycloak (X509 Client Certificate Auth with Revalidate Client Certificate) is affected when KC_SPI_TRUSTSTORE_FILE_FILE is misconfigured; an attacker can craft a certificate to be trusted and obtain sensitive information. The IBM bulletin lists Keycloak vulnerability CVE-2023-1664 with a base scor...

CVSS 6.5, AI score 6.1, EPSS 0.00254
Exploits: 0, References: 1, Affected Software: 5
RedhatCVE
added 2022/07/12 6:15 p.m., 30 views

CVE-2022-2393

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not b...

CVSS 7.6, AI score 4.2, EPSS 0.0008
Exploits: 0, References: 3
Cisco
added 2021/03/25 4:0 p.m., 222 views

Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: March 2021

On March 25, 2021, the OpenSSL Project released a security advisory, OpenSSL Security Advisory 25 March 2021 (https://www.openssl.org/news/secadv/20210325.txt), that disclosed two vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to use a valid non-certificate authori...

CVSS 7.4, AI score 7.4
Exploits: 0, References: 1
AlmaLinux
added 2021/03/23 10:29 a.m., 27 views

Important: pki-core:10.6 security update

The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security fixes: pki-core: Unprivileged users can renew any certificate (CVE-2021-20179). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

CVSS 5.5, AI score 2.8, EPSS 0.00291
Exploits: 0, References: 1
Prion
added 2020/08/25 7:15 p.m., 16 views

Input validation

An issue was discovered in Octopus Deploy 3.4. A deployment target can be configured with an Account or Certificate that is outside the scope of the deployment target. An authorised user can potentially use a certificate that they are not in scope to use. An authorised user is also able to obtain...

CVSS 4, AI score 4.6, EPSS 0.00124
Exploits: 0, References: 3, Affected Software: 2
Prion
added 2017/10/06 3:29 p.m., 12 views

Design/Logic Flaw

CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake...

CVSS 4.3, AI score 7, EPSS 0.00213
Exploits: 0, References: 2, Affected Software: 1