Lucene search
K

65 matches found

Prion
Prion
added 2022/10/10 9:15 p.m.11 views

Input validation

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

4.3CVSS7.6AI score0.0023EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/10 12:0 a.m.65 views

CVE-2022-41747

The CVE-2022-41747 entry concerns Trend Micro Apex One agents with an improper certification validation vulnerability. A local attacker who already has low-privilege code execution could abuse the certification validation flaw to load a DLL file with system service privileges on affected Apex One...

7.8CVSS7.6AI score0.0023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/10/10 12:0 a.m.25 views

CVE-2022-41747

An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...

7.8AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/07 12:0 a.m.3 views

PT-2022-26053 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: The issue is related to an improper certification validation vulnerability in Trend Micro Apex One agents. This could allow a local attacker to load a DLL file with system...

7.8CVSS7.4AI score0.0023EPSS
Exploits0References5
NVD
NVD
added 2022/05/17 8:15 a.m.18 views

CVE-2013-10001

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...

5.9CVSS0.00581EPSS
Exploits0References2
Prion
Prion
added 2022/05/17 8:15 a.m.12 views

Design/Logic Flaw

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...

4.3CVSS6.9AI score0.00581EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/17 7:30 a.m.6 views

CVE-2013-10001 HTC One/Sense Mail Client certificate validation

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...

4.8CVSS5.9AI score0.00581EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/05/17 7:30 a.m.19 views

CVE-2013-10001 HTC One/Sense Mail Client certificate validation

A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...

4.8CVSS5.7AI score0.00581EPSS
Exploits0References2
CVE
CVE
added 2022/05/17 7:30 a.m.57 views

CVE-2013-10001

CVE-2013-10001 affects HTC One/Sense 4.x: the mail client’s certificate validation is flawed. An exploit has been disclosed publicly and may be used, indicating a vulnerability in how the mail client handles server credentials. No further technical details are provided in the supplied documents.

5.9CVSS5.3AI score0.00581EPSS
Exploits0References2
CVE
CVE
added 2020/09/24 1:50 a.m.64 views

CVE-2020-15604

CVE-2020-15604 affects Trend Micro Security 2019 (v15) products in the Active Update path. The issue is an incomplete SSL server certificate validation vulnerability (CWE-295) and, separately, that update files are not properly verified (CWE-494). Exploitation could occur by tricking affected cli...

7.5CVSS7.5AI score0.01618EPSS
Exploits0References4Affected Software5
NVD
NVD
added 2020/07/31 6:15 p.m.22 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

8.7CVSS8AI score0.00914EPSS
Exploits1References2
OSV
OSV
added 2020/07/31 6:15 p.m.20 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

8.7CVSS8.4AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2020/07/31 6:15 p.m.16 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

8.7CVSS7.2AI score0.00914EPSS
Exploits1References4
Prion
Prion
added 2020/07/31 6:15 p.m.24 views

Design/Logic Flaw

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

6.4CVSS8.3AI score0.00864EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2020/07/31 6:15 p.m.31 views

CVE-2020-15134

Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...

8.7CVSS7.2AI score0.00864EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2020/07/31 5:40 p.m.12 views

CVE-2020-15133

In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...

8.7CVSS8.4AI score0.00914EPSS
Exploits1
CVE
CVE
added 2020/07/31 5:40 p.m.134 views

CVE-2020-15134

CVE-2020-15134 describes a TLS certificate verification flaw in Faye before 1.4.0, where the Ruby client uses em-http-request and faye-websocket, and EventMachine’s EM::Connection#start_tls does not verify server certificates by default. This can allow MITM attacks on https: or wss: connections, ...

8.7CVSS7.9AI score0.00864EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2020/06/10 6:15 p.m.15 views

Design/Logic Flaw

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...

2.9CVSS5.2AI score0.00761EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2019/10/01 12:0 a.m.201 views

Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation

Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...

0.6AI score
Exploits0
OSV
OSV
added 2016/10/25 2:29 p.m.8 views

CVE-2016-1000033

Shotwell version 0.22.0 and possibly other versions is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks...

3.7CVSS6.7AI score
Exploits0References1
Rows per page
Query Builder