Total
1083 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-31340 | 2025-03-28 | N/A | 4.8 MEDIUM | ||
| TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | |||||
| CVE-2024-11621 | 1 Devolutions | 2 Remote Desktop Manager, Remote Desktop Manager Powershell | 2025-03-28 | N/A | 8.8 HIGH |
| Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier | |||||
| CVE-2025-1193 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | N/A | 8.1 HIGH |
| Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. | |||||
| CVE-2018-11087 | 2 Pivotal Software, Vmware | 2 Spring Advanced Message Queuing Protocol, Rabbitmq Java Client | 2025-03-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. | |||||
| CVE-2023-23131 | 2025-03-27 | N/A | 7.5 HIGH | ||
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. | |||||
| CVE-2023-20963 | 1 Google | 1 Android | 2025-03-27 | N/A | 7.8 HIGH |
| In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 | |||||
| CVE-2009-2409 | 3 Gnu, Mozilla, Openssl | 3 Gnutls, Network Security Services, Openssl | 2025-03-27 | 5.1 MEDIUM | N/A |
| The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | |||||
| CVE-2024-10445 | 2025-03-27 | N/A | 4.3 MEDIUM | ||
| Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors. | |||||
| CVE-2022-46496 | 1 Bticino | 1 Door Entry For Hometouch | 2025-03-26 | N/A | 5.9 MEDIUM |
| BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. | |||||
| CVE-2024-28872 | 1 Isc | 1 Stork | 2025-03-26 | N/A | 8.9 HIGH |
| The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0. | |||||
| CVE-2024-45234 | 1 Nicmx | 1 Fort-validator | 2025-03-25 | N/A | 7.5 HIGH |
| An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing. | |||||
| CVE-2024-56521 | 2025-03-24 | N/A | 9.8 CRITICAL | ||
| An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | |||||
| CVE-2023-22367 | 1 Ichiranusa | 1 Ichiran | 2025-03-21 | N/A | 5.9 MEDIUM |
| Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | |||||
| CVE-2021-25635 | 2025-03-21 | N/A | N/A | ||
| An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person This issue affects LibreOffice: from 7.0 before 7.0.5, from 7.1 before 7.1.1. | |||||
| CVE-2023-34410 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qt | 2025-03-20 | N/A | 5.3 MEDIUM |
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | |||||
| CVE-2025-0254 | 2025-03-20 | N/A | 5.9 MEDIUM | ||
| HCL Digital Experience components Ring API and dxclient may be vulnerable to man-in-the-middle (MitM) attacks prior to 9.5 CF226. An attacker could intercept and potentially alter communication between two parties. | |||||
| CVE-2024-6219 | 2025-03-19 | N/A | 3.8 LOW | ||
| Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | |||||
| CVE-2024-29171 | 1 Dell | 1 Bsafe Ssl-j | 2025-03-19 | N/A | 5.9 MEDIUM |
| Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-10444 | 2025-03-19 | N/A | 7.5 HIGH | ||
| Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2024-41256 | 1 Filestash | 1 Filestash | 2025-03-18 | N/A | 5.9 MEDIUM |
| Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack. | |||||