libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. It considers CN even when there is a non-matching subjectAltName (SAN). This is fixed in, for example, openldap-2.4.46-10.el8 in Red Hat Enterprise Linux.
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (W...
Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber...
An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to co...
IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning.
In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to ...