CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1905 vulnerabilities reference this CWE, most recent first.
GHSA-V8QH-5C5W-48PP
Vulnerability from github – Published: 2025-05-22 15:34 – Updated: 2025-05-22 18:31Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use.
A copy & paste error during minor refactoring of the code introduced this issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate should be trusted only for the purpose of authenticating TLS servers but not for CMS signature verification and the CMS signature verification is intended to be marked as rejected with the -addreject option, the resulting CA certificate will be trusted for CMS signature verification purpose instead.
Only users which use the trusted certificate format who use the openssl x509 command line application to add rejected uses are affected by this issue. The issues affecting only the command line application are considered to be Low severity.
The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this issue.
{
"affected": [],
"aliases": [
"CVE-2025-4575"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T14:16:07Z",
"severity": "MODERATE"
},
"details": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.",
"id": "GHSA-v8qh-5c5w-48pp",
"modified": "2025-05-22T18:31:15Z",
"published": "2025-05-22T15:34:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4575"
},
{
"type": "WEB",
"url": "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa"
},
{
"type": "WEB",
"url": "https://openssl-library.org/news/secadv/20250522.txt"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/05/22/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-V8RR-9CWW-2334
Vulnerability from github – Published: 2023-02-16 18:30 – Updated: 2023-02-27 18:32It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.
{
"affected": [],
"aliases": [
"CVE-2022-27890"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T16:15:00Z",
"severity": "HIGH"
},
"details": "It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution.",
"id": "GHSA-v8rr-9cww-2334",
"modified": "2023-02-27T18:32:02Z",
"published": "2023-02-16T18:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27890"
},
{
"type": "WEB",
"url": "https://github.com/palantir/security-bulletins/blob/main/PLTRSEC-2022-15.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V95X-XHQ5-4929
Vulnerability from github – Published: 2026-07-16 19:12 – Updated: 2026-07-16 19:12When an operator adds an HTTPS control plane profile to kumactl without providing a CA certificate, kumactl disables TLS verification and sends API tokens over the unverified connection
Impact
An attacker on the network path between the operator and the control plane can intercept user or admin API tokens and then act against the control plane as that user
Affected configurations
kumactlprofiles manually added against an HTTPS control plane endpoint without--ca-cert-file
Not affected
- The default local profile, which uses plain HTTP
Workarounds
When adding an HTTPS control plane profile to kumactl, always pass --ca-cert-file pointing at the control plane's serving CA. Alternatively, terminate the control plane behind a publicly trusted certificate; the patched releases will verify successfully against the operating system trust store with no further configuration
Resources
- Fix: https://github.com/kumahq/kuma/pull/16777
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/kumahq/kuma/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.26"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kumahq/kuma/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.9.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kumahq/kuma/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.10.0"
},
{
"fixed": "2.11.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kumahq/kuma/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.12.0"
},
{
"fixed": "2.12.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kumahq/kuma/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.13.0"
},
{
"fixed": "2.13.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/kumahq/kuma"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-50166"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-16T19:12:08Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "When an operator adds an HTTPS control plane profile to `kumactl` without providing a CA certificate, `kumactl` disables TLS verification and sends API tokens over the unverified connection\n\n## Impact\n\nAn attacker on the network path between the operator and the control plane can intercept user or admin API tokens and then act against the control plane as that user\n\n## Affected configurations\n\n- `kumactl` profiles manually added against an HTTPS control plane endpoint without `--ca-cert-file`\n\n## Not affected\n\n- The default local profile, which uses plain HTTP\n\n## Workarounds\n\nWhen adding an HTTPS control plane profile to `kumactl`, always pass `--ca-cert-file` pointing at the control plane\u0027s serving CA. Alternatively, terminate the control plane behind a publicly trusted certificate; the patched releases will verify successfully against the operating system trust store with no further configuration\n\n## Resources\n\n- Fix: https://github.com/kumahq/kuma/pull/16777",
"id": "GHSA-v95x-xhq5-4929",
"modified": "2026-07-16T19:12:08Z",
"published": "2026-07-16T19:12:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kumahq/kuma/security/advisories/GHSA-v95x-xhq5-4929"
},
{
"type": "WEB",
"url": "https://github.com/kumahq/kuma/pull/16777"
},
{
"type": "WEB",
"url": "https://github.com/kumahq/kuma/commit/2ecadac1aa2fd8cded4c2ab768949f4c2ec83e2a"
},
{
"type": "PACKAGE",
"url": "https://github.com/kumahq/kuma"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "kumactl connects to control plane without verifying TLS certificate when no CA is configured"
}
GHSA-V98W-P8F7-9QQF
Vulnerability from github – Published: 2022-05-13 01:07 – Updated: 2024-10-22 18:31The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
{
"affected": [],
"aliases": [
"CVE-2015-4000"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-05-21T00:59:00Z",
"severity": "MODERATE"
},
"details": "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the \"Logjam\" issue.",
"id": "GHSA-v98w-p8f7-9qqf",
"modified": "2024-10-22T18:31:59Z",
"published": "2022-05-13T01:07:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4000"
},
{
"type": "WEB",
"url": "https://blog.cloudflare.com/logjam-the-latest-tls-vulnerability-explained"
},
{
"type": "WEB",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
},
{
"type": "WEB",
"url": "https://openssl.org/news/secadv/20150611.txt"
},
{
"type": "WEB",
"url": "https://puppet.com/security/cve/CVE-2015-4000"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201506-02"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-46"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20150619-0001"
},
{
"type": "WEB",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03831en_us"
},
{
"type": "WEB",
"url": "https://weakdh.org"
},
{
"type": "WEB",
"url": "https://weakdh.org/imperfect-forward-secrecy.pdf"
},
{
"type": "WEB",
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21959745"
},
{
"type": "WEB",
"url": "https://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5098403"
},
{
"type": "WEB",
"url": "https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes"
},
{
"type": "WEB",
"url": "https://www.openssl.org/news/secadv_20150611.txt"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"type": "WEB",
"url": "https://www.suse.com/security/cve/CVE-2015-4000.html"
},
{
"type": "WEB",
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1138554"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
},
{
"type": "WEB",
"url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes"
},
{
"type": "WEB",
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04718196"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04770140"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04772190"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773119"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773241"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04918839"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04923929"
},
{
"type": "WEB",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04740527"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04953655"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05128722"
},
{
"type": "WEB",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05193083"
},
{
"type": "WEB",
"url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc"
},
{
"type": "WEB",
"url": "http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery"
},
{
"type": "WEB",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"type": "WEB",
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402"
},
{
"type": "WEB",
"url": "http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10681"
},
{
"type": "WEB",
"url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10727"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159314.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159351.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160117.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00003.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00005.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00046.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00047.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00017.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00031.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00032.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00037.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00040.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00016.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00094.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00097.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143506486712441\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143557934009303\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143558092609708\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143628304012255\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143637549705650\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143655800220052\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=143880121627664\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144043644216842\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144050121701297\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144060576831314\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144060606031437\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144061542602287\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144069189622016\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144102017024820\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144104533800819\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=144493176821532\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=145409266329539\u0026w=2"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2015/05/20/8"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1072.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1185.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1197.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1228.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1229.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1230.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1241.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1242.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1243.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1485.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1486.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1488.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1526.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1544.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1604.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1624.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2056.html"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT204941"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT204942"
},
{
"type": "WEB",
"url": "http://support.citrix.com/article/CTX201114"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959111"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959195"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959325"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959453"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959481"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959517"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959530"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959539"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959636"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21959812"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960191"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21961717"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962455"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21962739"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21958984"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21959132"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960194"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960380"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960418"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21962816"
},
{
"type": "WEB",
"url": "http://www-304.ibm.com/support/docview.wss?uid=swg21967893"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3287"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3300"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3324"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3339"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3688"
},
{
"type": "WEB",
"url": "http://www.fortiguard.com/advisory/2015-05-20-logjam-attack"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-70.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"type": "WEB",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74733"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032474"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032475"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032476"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032637"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032645"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032647"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032648"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032649"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032650"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032651"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032652"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032653"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032654"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032655"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032656"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032688"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032699"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032702"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032727"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032759"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032777"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032778"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032783"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032784"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032856"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032864"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032865"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032871"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032884"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032910"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032932"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1032960"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033019"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033064"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033065"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033067"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033208"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033209"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033210"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033222"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033341"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033385"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033416"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033430"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033433"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033513"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033760"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033891"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1033991"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034087"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034728"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1034884"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1036218"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040630"
},
{
"type": "WEB",
"url": "http://www.solarwinds.com/documentation/storage/storagemanager/docs/ReleaseNotes/releaseNotes.htm"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2656-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2656-2"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2673-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2696-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2706-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VC62-M272-7VG5
Vulnerability from github – Published: 2022-05-14 03:27 – Updated: 2022-05-14 03:27An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.
{
"affected": [],
"aliases": [
"CVE-2017-13863"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-03T06:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"APNs\" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates.",
"id": "GHSA-vc62-m272-7vg5",
"modified": "2022-05-14T03:27:08Z",
"published": "2022-05-14T03:27:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13863"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208112"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCGJ-J8C5-2H52
Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2024-01-30 22:46It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.2"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:active-directory"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2017-2649"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-30T22:46:41Z",
"nvd_published_at": "2018-07-27T20:29:00Z",
"severity": "HIGH"
},
"details": "It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.",
"id": "GHSA-vcgj-j8c5-2h52",
"modified": "2024-01-30T22:46:41Z",
"published": "2022-05-13T01:36:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2649"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2017-03-20"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96986"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Active Directory Plugin did not verify certificate of AD server"
}
GHSA-VCRQ-9J44-R9J2
Vulnerability from github – Published: 2022-05-14 01:36 – Updated: 2022-05-14 01:36An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.
{
"affected": [],
"aliases": [
"CVE-2018-19982"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-09T19:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP \u003e Server \u003e Controller (HUB) \u003e Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server\u0027s fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key.",
"id": "GHSA-vcrq-9j44-r9j2",
"modified": "2022-05-14T01:36:14Z",
"published": "2022-05-14T01:36:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19982"
},
{
"type": "WEB",
"url": "https://github.com/min1233/CVE/blob/master/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCVX-R925-7VH9
Vulnerability from github – Published: 2023-12-06 09:30 – Updated: 2023-12-12 18:31Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.
{
"affected": [],
"aliases": [
"CVE-2023-49247"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-06T09:15:08Z",
"severity": "HIGH"
},
"details": "Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.",
"id": "GHSA-vcvx-r925-7vh9",
"modified": "2023-12-12T18:31:31Z",
"published": "2023-12-06T09:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49247"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2023/12"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202312-0000001758430245"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-VCX9-7PCC-Q8C7
Vulnerability from github – Published: 2023-04-15 00:30 – Updated: 2024-04-04 03:28strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.
{
"affected": [],
"aliases": [
"CVE-2023-26463"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-15T00:15:00Z",
"severity": "CRITICAL"
},
"details": "strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named \"public\" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.",
"id": "GHSA-vcx9-7pcc-q8c7",
"modified": "2024-04-04T03:28:53Z",
"published": "2023-04-15T00:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26463"
},
{
"type": "WEB",
"url": "https://github.com/strongswan/strongswan/releases"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230517-0010"
},
{
"type": "WEB",
"url": "https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-%28cve-2023-26463%29.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VF2W-CQ9R-CWVW
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2022-04-05 00:01Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889.
{
"affected": [],
"aliases": [
"CVE-2021-43882"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-94"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T15:15:00Z",
"severity": "CRITICAL"
},
"details": "Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889.",
"id": "GHSA-vf2w-cq9r-cwvw",
"modified": "2022-04-05T00:01:16Z",
"published": "2021-12-16T00:01:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43882"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43882"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1553"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.