Total
1083 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-5445 | 2025-01-07 | N/A | 3.8 LOW | ||
| Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position. | |||||
| CVE-2024-40702 | 2025-01-07 | N/A | 8.2 HIGH | ||
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | |||||
| CVE-2023-51634 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 7.5 HIGH |
| NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | |||||
| CVE-2023-47742 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-23 | N/A | 5.9 MEDIUM |
| IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533. | |||||
| CVE-2024-38861 | 1 Tomtretbar | 1 Mikrotik | 2024-12-20 | N/A | 7.4 HIGH |
| Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a. | |||||
| CVE-2024-47119 | 2024-12-18 | N/A | 5.9 MEDIUM | ||
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | |||||
| CVE-2024-0042 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40104 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.5 HIGH |
| In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-6001 | 2024-12-16 | N/A | 8.1 HIGH | ||
| An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. | |||||
| CVE-2024-4762 | 2024-12-16 | N/A | 7.8 HIGH | ||
| An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. | |||||
| CVE-2024-47241 | 1 Dell | 1 Secure Connect Gateway | 2024-12-13 | N/A | 5.5 MEDIUM |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. | |||||
| CVE-2024-33612 | 1 F5 | 1 Big-ip Next Central Manager | 2024-12-12 | N/A | 6.8 MEDIUM |
| An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-12174 | 2024-12-09 | N/A | 2.7 LOW | ||
| An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. | |||||
| CVE-2024-54147 | 2024-12-09 | N/A | 6.8 MEDIUM | ||
| Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (eg. public wifi, malicious DNS servers) may have all GraphQL request and response headers and bodies fully compromised including authorization tokens. The attack also allows obtaining full access to any signed-in Altair GraphQL Cloud account and replacing payment checkout pages with a malicious website. Version 8.0.5 fixes the issue. | |||||
| CVE-2024-48865 | 2024-12-06 | N/A | N/A | ||
| An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | |||||
| CVE-2024-53846 | 2024-12-05 | N/A | 5.5 MEDIUM | ||
| OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). | |||||
| CVE-2024-45205 | 2024-12-04 | N/A | 7.1 HIGH | ||
| An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). | |||||
| CVE-2024-27323 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2024-12-03 | N/A | 7.5 HIGH |
| PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224. | |||||
| CVE-2020-3557 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted data stream to the host input daemon of the affected device. A successful exploit could allow the attacker to cause the host input daemon to restart. The attacker could use repeated attacks to cause the daemon to continuously reload, creating a DoS condition for the API. | |||||
| CVE-2019-12855 | 1 Twisted | 1 Twisted | 2024-11-25 | 5.8 MEDIUM | 7.4 HIGH |
| In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. | |||||