Total
1083 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-1014 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-02-06 | N/A | 8.8 HIGH |
| Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. | |||||
| CVE-2024-48460 | 2025-02-03 | N/A | 4.3 MEDIUM | ||
| An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails. | |||||
| CVE-2023-31485 | 1 Gitlab\ | 1 \ | 2025-01-31 | N/A | 5.9 MEDIUM |
| GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | |||||
| CVE-2022-47758 | 1 Nanoleaf | 1 Nanoleaf Firmware | 2025-01-31 | N/A | 9.8 CRITICAL |
| Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | |||||
| CVE-2024-23970 | 2025-01-31 | N/A | 6.5 MEDIUM | ||
| This vulnerability allows network-adjacent attackers to compromise transport security on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CURLOPT_SSL_VERIFYHOST setting. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. | |||||
| CVE-2023-31486 | 1 Http\ | 1 \ | 2025-01-30 | N/A | 8.1 HIGH |
| HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | |||||
| CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2025-01-30 | N/A | 9.8 CRITICAL |
| OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | |||||
| CVE-2022-48186 | 1 Lenovo | 1 Baiying | 2025-01-30 | N/A | 6.2 MEDIUM |
| A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | |||||
| CVE-2025-0501 | 2025-01-29 | N/A | 7.5 HIGH | ||
| An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle. | |||||
| CVE-2025-0500 | 2025-01-29 | N/A | 7.5 HIGH | ||
| An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle. | |||||
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | |||||
| CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2025-01-28 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | |||||
| CVE-2024-30020 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-01-28 | N/A | 8.1 HIGH |
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | N/A | 5.9 MEDIUM |
| In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | |||||
| CVE-2023-23901 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | N/A | 6.5 MEDIUM |
| Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | |||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2025-01-27 | N/A | 7.7 HIGH |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | |||||
| CVE-2023-38009 | 2025-01-26 | N/A | 4.2 MEDIUM | ||
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | |||||
| CVE-2023-27823 | 1 Optoma | 1 1080pstx | 2025-01-24 | N/A | 9.8 CRITICAL |
| An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | |||||
| CVE-2024-52330 | 2025-01-23 | N/A | 7.4 HIGH | ||
| ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. | |||||
| CVE-2024-52329 | 2025-01-23 | N/A | 7.4 HIGH | ||
| ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens. | |||||