Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files.
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
Google Chrome caches TLS sessions before certificate validation occurs.
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certif...
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or fa...