65 matches found
Input validation
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...
CVE-2022-41747
The CVE-2022-41747 entry concerns Trend Micro Apex One agents with an improper certification validation vulnerability. A local attacker who already has low-privilege code execution could abuse the certification validation flaw to load a DLL file with system service privileges on affected Apex One...
CVE-2022-41747
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in...
PT-2022-26053 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: The issue is related to an improper certification validation vulnerability in Trend Micro Apex One agents. This could allow a local attacker to load a DLL file with system...
CVE-2013-10001
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...
Design/Logic Flaw
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...
CVE-2013-10001 HTC One/Sense Mail Client certificate validation
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...
CVE-2013-10001 HTC One/Sense Mail Client certificate validation
A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used...
CVE-2013-10001
CVE-2013-10001 affects HTC One/Sense 4.x: the mail client’s certificate validation is flawed. An exploit has been disclosed publicly and may be used, indicating a vulnerability in how the mail client handles server credentials. No further technical details are provided in the supplied documents.
CVE-2020-15604
CVE-2020-15604 affects Trend Micro Security 2019 (v15) products in the Active Update path. The issue is an incomplete SSL server certificate validation vulnerability (CWE-295) and, separately, that update files are not properly verified (CWE-494). Exploitation could occur by tricking affected cli...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
Design/Logic Flaw
Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...
CVE-2020-15134
Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL i...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...
CVE-2020-15134
CVE-2020-15134 describes a TLS certificate verification flaw in Faye before 1.4.0, where the Ruby client uses em-http-request and faye-websocket, and EventMachine’s EM::Connection#start_tls does not verify server certificates by default. This can allow MITM attacks on https: or wss: connections, ...
Design/Logic Flaw
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation
Product Name: FortiSIEM Tested versions: 5.0, 5.2.1 Fixed in version: Only a manual workaround is available from Fortinet as of this writing Weakness Type: CWE-295 - Improper Certificate Validation Discovered by: Andrew Klaus Cybera Canada CVE: Pending == Disclosure Timeline: June 25, 2019: Initi...
CVE-2016-1000033
Shotwell version 0.22.0 and possibly other versions is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks...