Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-2190 | 1 Tecno | 1 Com.transsnet.store | 2025-09-05 | N/A | 8.1 HIGH |
| The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks. | |||||
| CVE-2024-12925 | 2025-09-02 | N/A | 7.3 HIGH | ||
| Improper Validation of Certificate with Host Mismatch vulnerability in Akınsoft QR Menü allows HTTP Response Splitting.This issue affects QR Menü: from s1.05.05 before v1.05.12. | |||||
| CVE-2025-3501 | 2025-08-07 | N/A | 8.2 HIGH | ||
| A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. | |||||
| CVE-2024-2466 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Bootstrap Os and 9 more | 2025-07-30 | N/A | 6.5 MEDIUM |
| libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). | |||||
| CVE-2025-4295 | 2025-07-25 | N/A | 4.6 MEDIUM | ||
| Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting.This issue affects B2B: before 04.06.2025. | |||||
| CVE-2024-54019 | 1 Fortinet | 1 Forticlient | 2025-07-25 | N/A | 4.8 MEDIUM |
| A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection. | |||||
| CVE-2025-49015 | 1 Couchbase | 1 .net Sdk | 2025-07-09 | N/A | 4.9 MEDIUM |
| The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default. | |||||
| CVE-2024-34447 | 2025-06-17 | N/A | 7.5 HIGH | ||
| An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning. | |||||
| CVE-2025-42921 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 4.2 MEDIUM |
| In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin | |||||
| CVE-2017-2912 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2017-2911 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2016-1280 | 1 Juniper | 1 Junos | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos. | |||||
| CVE-2014-3522 | 4 Apache, Apple, Canonical and 1 more | 4 Subversion, Xcode, Ubuntu Linux and 1 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2024-49782 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | N/A | 6.8 MEDIUM |
| IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. | |||||
| CVE-2024-32868 | 1 Zitadel | 1 Zitadel | 2025-01-08 | N/A | 6.5 MEDIUM |
| ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0. | |||||
| CVE-2024-2462 | 2024-11-21 | N/A | N/A | ||
| Allow attackers to intercept or falsify data exchanges between the client and the server | |||||
| CVE-2023-24568 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 5.0 MEDIUM |
| Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | |||||
| CVE-2022-22305 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. | |||||
| CVE-2021-21385 | 1 Mifos | 1 Mifos-mobile | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62. | |||||
| CVE-2020-15260 | 1 Teluu | 1 Pjsip | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection to another hostname, say `sip.bar.com`, which has the same IP address, then it will reuse that existing connection, even though `100.1.1.1` does not have certificate to authenticate as `sip.bar.com`. The vulnerability allows for an insecure interaction without user awareness. It affects users who need access to connections to different destinations that translate to the same address, and allows man-in-the-middle attack if attacker can route a connection to another destination such as in the case of DNS spoofing. | |||||