Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM.
A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval.
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
Google Chrome caches TLS sessions before certificate validation occurs.
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certif...
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or fa...