The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authori...
On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attac...
Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated u...
In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust.
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could p...