199 matches found
CVE-2025-47888
Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks...
CVE-2024-42193
HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle MITM attacks and data exposure as, if exploited, this vulnerability could potentially lead to unauthorized acces...
Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8.5 for Spring Boot security update.
Red Hat build of Apache Camel 4.8.5 for Spring Boot release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
CVE-2025-25305 SSL validation for outgoing requests in Home Assistant Core and used libs not correct
Home Assistant Core is an open source home automation that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attacks due to missing SSL certificate verification in the project codebase and used third-party libraries. In the past,...
CVE-2024-53846 ssl fails to validate incorrect extened key usage
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
CVE-2024-53846 ssl fails to validate incorrect extened key usage
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and...
CVE-2024-30149 HCL AppScan Source is affected by an expired TLS/SSL certificate
HCL AppScan Source = 10.6.0 does not properly validate a TLS/SSL certificate for an executable...
CVE-2024-30149 HCL AppScan Source is affected by an expired TLS/SSL certificate
HCL AppScan Source = 10.6.0 does not properly validate a TLS/SSL certificate for an executable...
CVE-2024-39689
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...
CVE-2024-39689 Certifi removes GLOBALTRUST root certificate
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...
CVE-2024-36755
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack...
CVE-2024-36755
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack...
PT-2024-22307 · Jenkins · Jenkins Delphix Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Delphix Plugin version 3.0.1 Description: The issue concerns a global option in the Jenkins Delphix Plugin that allows administrators to enable or disable SSL/TLS certificate validation for Data Control Tower DCT connections. This...
CVE-2023-33757
A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...
CVE-2023-33757
A lack of SSL certificate validation in Splicecom iPCS iOS App v1.3.4, iPCS2 iOS App v2.8 and before, and iPCS Android App v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack...
The vulnerability of the ALEOS operating system in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60 ES450, GX450—allows a attacker to execute a “man-in-the-middle” attack.
The vulnerability of the ALEOS operating system in wireless routers from Sierra Wireless—MP70, RV50x, RV55, LX40, LX60 ES450, and GX450—is related to deficiencies in SSL certificate validation. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...
CVE-2023-48054
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
PYSEC-2023-242
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
PYSEC-2023-243
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
UBUNTU-CVE-2023-48052
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...