CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

Index: modules/ssl/ssl\_engine\_kernel.c =================================================================== --- modules/ssl/ssl\_engine\_kernel.c (revision 264993) +++ modules/ssl/ssl\_engine\_kernel.c (working copy) @@ -406,8 +406,8 @@ (!(verify\_old & SSL\_VERIFY\_PEER) && (verify & SSL\_VERIFY\_PEER)) || - (!(verify\_old & SSL\_VERIFY\_PEER\_STRICT) && - (verify & SSL\_VERIFY\_PEER\_STRICT))) + (!(verify\_old & SSL\_VERIFY\_FAIL\_IF\_NO\_PEER\_CERT) && + (verify & SSL\_VERIFY\_FAIL\_IF\_NO\_PEER\_CERT))) { renegotiate = TRUE; /\* optimization \*/

Headline

CVE-2005-2700

CVE: Latest News