Total
1149 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20126 | 2025-01-13 | 4.8 Medium | ||
| A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | ||||
| CVE-2025-0239 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-01-13 | 4 Medium |
| When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird < 128.6. | ||||
| CVE-2024-54849 | 2025-01-13 | 5.9 Medium | ||
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | ||||
| CVE-2024-54848 | 2025-01-13 | 7.4 High | ||
| Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | ||||
| CVE-2024-54847 | 2025-01-13 | 5.9 Medium | ||
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | ||||
| CVE-2024-54846 | 2025-01-13 | 5.9 Medium | ||
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | ||||
| CVE-2023-0547 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-01-10 | 6.5 Medium |
| OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | ||||
| CVE-2023-0430 | 2 Mozilla, Redhat | 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more | 2025-01-10 | 6.5 Medium |
| Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | ||||
| CVE-2023-24568 | 1 Dell | 1 Networker | 2025-01-10 | 5 Medium |
| Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | ||||
| CVE-2024-5445 | 2025-01-07 | 3.8 Low | ||
| Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position. | ||||
| CVE-2024-40702 | 1 Ibm | 2 Cognos Controller, Controller | 2025-01-07 | 8.2 High |
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | ||||
| CVE-2023-29501 | 1 Runsystem | 1 Jiyu Kukan Toku-toku Coupon | 2025-01-03 | 4.8 Medium |
| Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. | ||||
| CVE-2023-51634 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | 7.5 High |
| NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | ||||
| CVE-2023-35142 | 1 Jenkins | 1 Checkmarx | 2025-01-02 | 8.1 High |
| Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. | ||||
| CVE-2022-21836 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2025-01-02 | 7.8 High |
| Windows Certificate Spoofing Vulnerability | ||||
| CVE-2024-0057 | 2 Microsoft, Redhat | 19 .net, .net Framework, Powershell and 16 more | 2024-12-31 | 9.1 Critical |
| NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | ||||
| CVE-2024-8285 | 1 Redhat | 2 Amq Streams, Kroxylicious | 2024-12-30 | 5.9 Medium |
| A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality. | ||||
| CVE-2023-47742 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-23 | 5.9 Medium |
| IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533. | ||||
| CVE-2024-38861 | 1 Tomtretbar | 1 Mikrotik | 2024-12-20 | 7.4 High |
| Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a. | ||||
| CVE-2024-47119 | 1 Ibm | 1 Storage Defender Resiliency Service | 2024-12-18 | 5.9 Medium |
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | ||||