The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
Google Chrome caches TLS sessions before certificate validation occurs.
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or fa...
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program...