The Western Digital My Cloud Web App uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers.

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization.

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions 1)

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.143 and earlier globally and unconditionally disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.

The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The vendor advisory stated "a new Array AG release with the fix will be available soon."

An authentication bypass vulnerability exists in libcurl 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.

An access of uninitialized pointer vulnerability in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.

ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.

Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default.

Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.

Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.