An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.
View Full Alert
Related Posts
CVE-2016-10761Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack. View Full Alert
CVE-2016-10814cPanel before 57.9999.54 allows demo-mode escape via show_template.stor (SEC-119). View Full Alert
CVE-2016-10773cPanel before 60.0.25 allows format-string injection in exception-message handling (SEC-171). View Full Alert
