Total: 1149 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2023-41991 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-02-10 | 5.5 Medium | A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
CVE-2022-48437 | 1 Openbsd | 2 Libressl, Openbsd | 2025-02-10 | 5.3 Medium | An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate.
CVE-2023-28093 | 1 Pega | 1 Synchronization Engine | 2025-02-07 | 6.5 Medium | A user with a compromised configuration can start an unsigned binary as a service.
CVE-2023-30517 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-02-07 | 5.3 Medium | Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server.
CVE-2023-30516 | 1 Jenkins | 1 Image Tag Parameter | 2025-02-07 | 6.5 Medium | Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default.
CVE-2021-46880 | 1 Openbsd | 2 Libressl, Openbsd | 2025-02-07 | 9.8 Critical | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded.
CVE-2020-0601 | 2 Golang, Microsoft | 5 Go, Windows, Windows 10 and 2 more | 2025-02-07 | 8.1 High | A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
CVE-2025-0501 | | | 2025-02-06 | 7.5 High | An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.
CVE-2025-1014 | 2 Mozilla, Redhat | 8 Firefox, Thunderbird, Enterprise Linux and 5 more | 2025-02-06 | 8.8 High | Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
CVE-2022-32748 | 1 Schneider-electric | 1 Ecostruxure Cybersecurity Admin Expert | 2025-02-05 | 7.9 High | A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak, which would give an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
CVE-2024-48460 | | | 2025-02-03 | 4.3 Medium | An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server: the client sends the SSH username and password even when the host key verification fails.
CVE-2023-31485 | 1 Gitlab\ | 1 \ | 2025-01-31 | 5.9 Medium | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
CVE-2022-47758 | 1 Nanoleaf | 1 Nanoleaf Firmware | 2025-01-31 | 9.8 Critical | Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.
CVE-2024-23970 | | | 2025-01-31 | 6.5 Medium | This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root.
CVE-2023-31486 | 3 Http\, Perl, Redhat | 4 \, Perl, Enterprise Linux and 1 more | 2025-01-30 | 8.1 High | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2025-01-30 | 9.8 Critical | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.
CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2025-01-30 | 6.2 Medium | A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVE-2024-43550 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-29 | 7.4 High | Windows Secure Channel Spoofing Vulnerability
CVE-2023-24461 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2025-01-29 | 7.4 High | An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-20963 | 1 Google | 1 Android | 2025-01-28 | 7.8 High | In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12, Android-12L, Android-13. Android ID: A-220302519