199 matches found

Cvelist
added 2025/05/14 8:35 p.m. · 19 views

CVE-2025-47888

Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...

EPSS 0.00199 · Exploits 0 · References 1

OSV
added 2025/04/15 7:16 p.m. · 4 views

CVE-2024-42193

HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized acces...

CVSS 8.1 · AI score 5.8 · EPSS 0.00219 · Exploits 0 · References 1

RedHat Linux
added 2025/04/02 8:19 p.m. · 48 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.5 for Spring Boot security update.

Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available fo...

CVSS 7.5 · AI score 7 · EPSS 0.79817 · Exploits 5 · References 6

Cvelist
added 2025/02/18 6:53 p.m. · 13 views

CVE-2025-25305 SSL validation for outgoing requests in Home Assistant Core and used libs not correct

Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. In the past,...

CVSS 7 · EPSS 0.00229 · Exploits 0 · References 1

Cvelist
added 2024/12/05 5:2 p.m. · 22 views

CVE-2024-53846 ssl fails to validate incorrect extended key usage

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVSS 5.5 · EPSS 0.00251 · Exploits 0 · References 1

Vulnrichment
added 2024/12/05 5:2 p.m. · 7 views

CVE-2024-53846 ssl fails to validate incorrect extended key usage

OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...

CVSS 5.5 · AI score 7 · EPSS 0.00251 · Exploits 0 · References 1

Vulnrichment
added 2024/10/31 8:25 a.m. · 11 views

CVE-2024-30149 HCL AppScan Source is affected by an expired TLS/SSL certificate

HCL AppScan Source = 10.6.0 does not properly validate a TLS/SSL certificate for an executable...

CVSS 4.8 · AI score 7 · EPSS 0.00167 · Exploits 0 · References 1

Cvelist
added 2024/10/31 8:25 a.m. · 18 views

CVE-2024-30149 HCL AppScan Source is affected by an expired TLS/SSL certificate

HCL AppScan Source = 10.6.0 does not properly validate a TLS/SSL certificate for an executable...

CVSS 4.8 · EPSS 0.00167 · Exploits 0 · References 1

NVD
added 2024/07/05 7:15 p.m. · 48 views

CVE-2024-39689

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

CVSS 7.5 · EPSS 0.01049 · Exploits 0 · References 4

Vulnrichment
added 2024/07/05 6:39 p.m. · 38 views

CVE-2024-39689 Certifi removes GLOBALTRUST root certificate

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...

CVSS 7.5 · AI score 6 · EPSS 0.01049 · Exploits 0 · References 3

OSV
added 2024/06/27 9:15 p.m. · 2 views

CVE-2024-36755

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack...

CVSS 6.8 · AI score 5.7 · EPSS 0.00131 · Exploits 0 · References 1

Vulnrichment
added 2024/06/27 12:0 a.m. · 18 views

CVE-2024-36755

D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack...

AI score 7.1 · EPSS 0.00131 · Exploits 0 · References 1

Positive Technologies
added 2024/03/06 12:0 a.m. · 9 views

PT-2024-22307 · Jenkins · Jenkins Delphix Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Delphix Plugin version 3.0.1
Description: The issue concerns a global option in the Jenkins Delphix Plugin that allows administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections. This...

CVSS 5.3 · AI score 6.5 · EPSS 0.00417 · Exploits 0 · References 8

OSV
added 2024/01/25 8:15 a.m. · 6 views

CVE-2023-33757

A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...

CVSS 5.9 · AI score 5.8 · EPSS 0.00287 · Exploits 1 · References 1

Vulnrichment
added 2024/01/25 12:0 a.m. · 5 views

CVE-2023-33757

A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...

AI score 5.5 · EPSS 0.00287 · Exploits 1 · References 1

BDU FSTEC
added 2023/12/12 12:0 a.m. · 6 views

The vulnerability of the ALEOS operating system in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the ALEOS operating system in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60 ES450, and GX450—is related to deficiencies in SSL certificate validation. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...

CVSS 8.5 · AI score 6.8 · EPSS 0.00296 · Exploits 0 · References 6 · Affected Software 1

ATTACKERKB
added 2023/11/16 6:15 p.m. · 3 views

CVE-2023-48054

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

CVSS 7.4 · AI score 5.8 · EPSS 0.00298 · Exploits 0 · References 2

PyPA
added 2023/11/16 6:15 p.m. · 5 views

PYSEC-2023-242

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

CVSS 7.4 · AI score 6.8 · EPSS 0.00305 · Exploits 0 · References 2 · Affected Software 1

PyPA
added 2023/11/16 6:15 p.m. · 8 views

PYSEC-2023-243

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

CVSS 7.4 · AI score 6.8 · EPSS 0.00298 · Exploits 0 · References 2 · Affected Software 1

OSV
added 2023/11/16 6:15 p.m. · 5 views

UBUNTU-CVE-2023-48052

Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

CVSS 7.4 · AI score 7.1 · EPSS 0.00305 · Exploits 0 · References 3