Total
1136 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32748 | 1 Schneider-electric | 1 Ecostruxure Cybersecurity Admin Expert | 2025-02-05 | 7.9 High |
| A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | ||||
| CVE-2024-48460 | 2025-02-03 | 4.3 Medium | ||
| An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails. | ||||
| CVE-2023-31485 | 1 Gitlab\ | 1 \ | 2025-01-31 | 5.9 Medium |
| GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | ||||
| CVE-2022-47758 | 1 Nanoleaf | 1 Nanoleaf Firmware | 2025-01-31 | 9.8 Critical |
| Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | ||||
| CVE-2024-23970 | 2025-01-31 | 6.5 Medium | ||
| This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. | ||||
| CVE-2023-31486 | 3 Http\, Perl, Redhat | 4 \, Perl, Enterprise Linux and 1 more | 2025-01-30 | 8.1 High |
| HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | ||||
| CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2025-01-30 | 9.8 Critical |
| OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | ||||
| CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2025-01-30 | 6.2 Medium |
| A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | ||||
| CVE-2024-43550 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-29 | 7.4 High |
| Windows Secure Channel Spoofing Vulnerability | ||||
| CVE-2023-24461 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2025-01-29 | 7.4 High |
| An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2023-20963 | 1 Google | 1 Android | 2025-01-28 | 7.8 High |
| In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 | ||||
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | ||||
| CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | 7.5 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | ||||
| CVE-2024-30020 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-28 | 8.1 High |
| Windows Cryptographic Services Remote Code Execution Vulnerability | ||||
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | 5.9 Medium |
| In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | ||||
| CVE-2023-23901 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | 4.8 Medium |
| Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | ||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2025-01-27 | 7.7 High |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | ||||
| CVE-2023-38009 | 1 Ibm | 1 Cognos Analytics Mobile | 2025-01-27 | 4.2 Medium |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | ||||
| CVE-2023-27823 | 1 Optoma | 1 1080pstx | 2025-01-24 | 9.8 Critical |
| An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | ||||
| CVE-2023-31151 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-24 | 4.7 Medium |
| An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||