9 matches found
CVE-2026-45388
In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication because of KeyUsage and ExtendedKeyUsage...
CVE-2026-24066
Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.tool2. The helper validates connecting XPC clients by checking only the subject.OU value of the...
CVE-2025-34235 Vasion Print (formerly PrinterLogic) Weak SSL/TLS Certificate Validation RCE
Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 Windows client deployments contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can...
Security Bulletin: IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689
Summary IBM Maximo Application Suite - IBM Asset Data Dictionary Component uses certifi-2024.2.2-py3-none-any.whl which is vulnerable to CVE-2024-39689. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-39689 DESCRIPTION: Certifi...
CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
A weak low bit strength device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle MitM attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker...
CVE-2024-3387 PAN-OS: Weak Certificate Strength in Panorama Software Leads to Sensitive Information Disclosure
A weak low bit strength device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle MitM attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker...
Palo Alto Networks PAN-OS 10.1.x < 10.1.12 / 10.2.x < 10.2.8 / 11.0.x < 11.0.4 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 10.1.x prior to 10.1.12 or 10.2.x prior to 10.2.8 or 11.0.x prior to 11.0.4. It is, therefore, affected by a vulnerability. - A weak low bit strength device certificate in Palo Alto Networks Panorama software enables an attack...
SUSE CVE-2022-46153
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2018-18975
An issue was discovered in the Ascensia Contour NEXT ONE app for iOS before 2019-01-15. An attacker may proxy communications between the app and Ascensia backend servers because of a weak certificate-pinning implementation, leading to disclosure of medical information...