CVE-2026-33896
A flaw was found in Forge, also known as node-forge, a JavaScript implementation of Transport Layer Security (TLS). The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...
CVE-2026-30836
A flaw was found in Step CA, an online certificate authority. A remote attacker can exploit this vulnerability by sending an unauthenticated SCEP (Simple Certificate Enrollment Protocol) Update Request. This allows the attacker to issue unauthorized certificates, potentially leading to a compromise...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from the American company Google. A security vulnerability exists in Google Android that stems from a privilege bypass issue in the CertInstaller.java file, which could lead to the installation of certificates...
PT-2024-13750 · Bitdefender · Bitdefender Total Security
Name of the Vulnerable Software and Affected Versions: Bitdefender Total Security versions prior to the latest version. Description: A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't...
Code injection
When installing the Net2 software, a root certificate is installed into the trusted store. A potential attacker could access the installer batch file or reverse engineer the source code to gain access to the root certificate password. Using the root certificate and password, they could then create...
CLSA-2023-1689701258 Fix CVE(s): CVE-2021-20230
SECURITY UPDATE: Attacker bypasses redirection using an unauthorized CA-signed certificate. - debian/patches/CVE-2021-20230.patch: patch enhancing the certificate verification process to prevent unauthorized redirection with CA-signed certificates by refining session data checks. - CVE-2021-20230 Fix...
CVE-2023-1664
A flaw was found in Keycloak. This flaw depends on the non-default configuration option "Revalidate Client Certificate" being enabled while the reverse proxy does not validate the certificate before it reaches Keycloak. Using this method, an attacker may choose the certificate which will be validated by the server. If...
CVE-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy
Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage...
CVE-2021-35497
The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FT...
The NSA Warns of TLS Inspection
The NSA has released a security advisory warning of the dangers of TLS inspection: Transport Layer Security Inspection (TLSI), also known as TLS break and inspect, is a security process that allows enterprises to decrypt traffic, inspect the decrypted content for threats, and then re-encrypt the...
CVE-2017-8445
CVE-2017-8445 affects Elasticsearch X-Pack Security TLS trust manager in versions 5.0.0–5.5.1. If trust material reload fails, the trust manager can be replaced with an instance that trusts all certificates, potentially allowing any node using any certificate to join a cluster. The authenticated ...
Apple Leaves CNNIC Root in iOS, OSX Certificate Trust Lists
When it was revealed late last month that a Chinese certificate authority had allowed an intermediate CA to issue unauthorized certificates for some Google domains, both Google and Mozilla reacted quickly and dropped trust in CNNIC altogether; Apple, however, has kept the root certificates in its trusted...
CA Tied to Chinese Registrar Issued Unauthorized Google Certificates
Google security engineers, investigating fraudulent certificates issued for several of the company’s domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for...
Certificate update
Security Certificate update. December 9th, 2013. Last week we became aware of the existence of several unauthorized security certificates, issued in violation of rules for creation of such certificates. The certificates chained back to a French certificate authority, ANSSI, and had been signe...
TURKTRUST Incident Raises Renewed Questions About CA System
The series of missteps and failures that led to a Turkish government-related agency eventually ending up with a valid wildcard certificate for Google domains began in June 2011, when the TURKTRUST certificate authority began preparing for an audit of its systems and started moving some certificat...
Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
The Microsoft Windows operating system is prone to a digital certificate spoofing vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)
The host is installed with the Microsoft Windows operating system and is prone to a digital certificate spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbunauthdigitalcertspoofingvuln.nasl 5341 2017-02-18 16:59:12Z cfi $ Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerabilit...