Total
1136 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1052 | 1 Hashicorp | 1 Boundary | 2024-11-21 | 8 High |
| Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. | ||||
| CVE-2023-6680 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.4 High |
| An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. | ||||
| CVE-2023-6043 | 1 Lenovo | 1 Vantage | 2024-11-21 | 7.8 High |
| A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges. | ||||
| CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-11-21 | 7.5 High |
| KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | ||||
| CVE-2023-5594 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2024-11-21 | 7.5 High |
| Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | ||||
| CVE-2023-5554 | 1 Linecorp | 1 Line | 2024-11-21 | 4.8 Medium |
| Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | ||||
| CVE-2023-5422 | 1 Otrs | 1 Otrs | 2024-11-21 | 8.7 High |
| The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | ||||
| CVE-2023-51837 | 1 Meshcentral | 1 Meshcentral | 2024-11-21 | 9.8 Critical |
| Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | ||||
| CVE-2023-51662 | 1 Snowflake | 1 Snowflake Connector | 2024-11-21 | 6 Medium |
| The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | ||||
| CVE-2023-50949 | 2024-11-21 | 5.9 Medium | ||
| IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | ||||
| CVE-2023-50454 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. | ||||
| CVE-2023-50356 | 1 Areal-topkapi | 1 Vision Server | 2024-11-21 | 6.5 Medium |
| SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login. | ||||
| CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 4.7 Medium |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | ||||
| CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 7.2 High |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | ||||
| CVE-2023-4801 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 7.5 High |
| An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. | ||||
| CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2024-11-21 | 7.5 High |
| A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | ||||
| CVE-2023-49312 | 1 Precisionbridge | 1 Precision Bridge | 2024-11-21 | 9.1 Critical |
| Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | ||||
| CVE-2023-49247 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-48054 | 1 Localstack | 1 Localstack | 2024-11-21 | 7.4 High |
| Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | ||||
| CVE-2023-48052 | 1 Httpie | 1 Httpie | 2024-11-21 | 7.4 High |
| Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | ||||