
63 matches found

Japan Vulnerability Notes
added 2026/05/11 9:20 a.m. | 3 views

"Kura Sushi Official App" vulnerable to improper certificate validation

Overview: "Kura Sushi Official App" provided by EPG, Inc. contains the following vulnerability: improper certificate validation on push notifications (CWE-295), CVE-2026-41872. This analysis assumes a man-in-the-middle attack being conducted with a malicious wireless LAN access point. Tsuyoshi Ogawa ...

9.1 CVSS | 7.1 AI score | 0.0002 EPSS
Exploits 0 | References 5

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-29217

Malicious code in bioql PyPI...

5.9 CVSS | 6.1 AI score | 0.00148 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/22 10:28 p.m. | 6 views

CVE-2022-24320

A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure G...

5.9 CVSS | 7 AI score | 0.00184 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2024/11/12 9:24 a.m. | 12 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard.

Summary: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Standard. An update to IBM CICS TX Standard has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2023-50314. DESCRIPTION: IBM WebSphere Application Server Liber...

7.5 CVSS | 7.3 AI score | 0.00097 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2024/11/12 9:15 a.m. | 27 views

Security Bulletin: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced.

Summary: A security vulnerability may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. An update to IBM CICS TX Advanced has been released to address this vulnerability. Vulnerability Details: CVEID: CVE-2023-50314. DESCRIPTION: IBM WebSphere Application Server Liber...

7.5 CVSS | 7.5 AI score | 0.00097 EPSS
Exploits 0 | Affected Software 1

Vulnrichment
added 2024/09/10 2:37 p.m. | 21 views

CVE-2022-45856

An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientLinux 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiClientAndroid 6.4 all...

4.8 CVSS | 7.1 AI score | 0.00184 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2024/09/10 12:0 a.m. | 12 views

Fortinet FortiClient (All) - Lack of client-side certificate validation using SAML SSO (FG-IR-22-230) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-230 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...

5.9 CVSS | 5.6 AI score | 0.00184 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2024/09/10 12:0 a.m. | 15 views

Fortinet FortiClient (All) - Lack of client-side certificate validation using SAML SSO (FG-IR-22-230)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-230 advisory. - An improper certificate validation vulnerability CWE-295 in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7,...

5.9 CVSS | 6 AI score | 0.00184 EPSS
Exploits 0 | References 2

CVE
added 2024/07/09 3:33 p.m. | 47 views

CVE-2024-33509

CVE-2024-33509 is an improper certificate validation (CWE-295) vulnerability in FortiWeb. A remote, unauthenticated attacker in a MITM position could decipher and/or tamper with the communication channel between FortiWeb and endpoints used to fetch WAF data. Affected FortiWeb versions include 6.3...

4.8 CVSS | 7.3 AI score | 0.002 EPSS
Exploits 0 | References 1 | Affected Software 1

Japan Vulnerability Notes
added 2024/05/21 12:0 a.m. | 17 views

JVN#29471697: Android App "TP-Link Tether" and "TP-Link Tapo" vulnerable to improper server certificate verification

Android App "TP-Link Tether" and "TP-Link Tapo" provided by TP-LINK GLOBAL INC. are vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution: Update the application. Update the...

4.8 CVSS | 4.8 AI score | 0.00381 EPSS
Exploits 0

ICS
added 2024/03/12 12:0 a.m. | 79 views

Siemens RUGGEDCOM APE1808 with Fortigate NGFW Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.8 CVSS | 9.8 AI score | 0.02403 EPSS
Exploits 0 | References 10

Tenable Nessus
added 2024/02/08 12:0 a.m. | 38 views

Fortinet Fortigate lack of certificate validation (FG-IR-23-301)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-301 advisory. - An improper certificate validation vulnerability in Fortinet FortiOS 7.0.0 - 7.0.13, 7.2.0 - 7.2.6, 7.4.0 - 7.4.1 and 6.4 a...

4.8 CVSS | 5.3 AI score | 0.00084 EPSS
Exploits 0 | References 2

Japan Vulnerability Notes
added 2023/10/23 12:0 a.m. | 21 views

JVN#02058996: HP ThinUpdate vulnerable to improper server certificate verification

HP ThinUpdate provided by HP Development Company, L.P. is vulnerable to improper server certificate verification (CWE-295). Impact: A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication or alter the communication. Solution: Update the Software. Update the software...

7.5 CVSS | 7.3 AI score | 0.00181 EPSS
Exploits 0

NVD
added 2023/09/01 12:15 p.m. | 19 views

CVE-2022-22305

An improper certificate validation vulnerability CWE-295 in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle th...

5.4 CVSS | 5.6 AI score | 0.00056 EPSS
Exploits 0 | References 1

Vulnrichment
added 2023/09/01 11:43 a.m. | 20 views

CVE-2022-22305

An improper certificate validation vulnerability CWE-295 in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle th...

5.4 CVSS | 7 AI score | 0.00056 EPSS
Exploits 0 | References 1

CVE
added 2023/09/01 11:43 a.m. | 805 views

CVE-2022-22305

CVE-2022-22305 describes an improper certificate validation (CWE-295) in Fortinet products: FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x. The vulnerability may allow a network-adjacent, ...

5.4 CVSS | 4.6 AI score | 0.00056 EPSS
Exploits 0 | References 1 | Affected Software 4

Talos
added 2023/07/06 12:0 a.m. | 30 views

Milesight UR32L urvpn_client Certificate Validation vulnerability

Talos Vulnerability Report TALOS-2023-1705: Milesight UR32L urvpn_client Certificate Validation vulnerability. July 6, 2023. CVE Number: CVE-2023-23546. SUMMARY: A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle...

8.1 CVSS | 5.8 AI score | 0.00135 EPSS
Exploits 1

NVD
added 2023/06/13 9:15 a.m. | 10 views

CVE-2023-29175

An improper certificate validation vulnerability CWE-295 in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a...

4.8 CVSS | 5.4 AI score | 0.00134 EPSS
Exploits 0 | References 1

CVE
added 2023/06/13 8:41 a.m. | 59 views

CVE-2023-29175

CVE-2023-29175 describes an improper certificate validation vulnerability (CWE-295) in FortiOS and FortiProxy that could enable remote, unauthenticated attackers to perform a Man-in-the-Middle attack on the link between affected devices and FortiGuard’s map server. Affected products/versions incl...

4.8 CVSS | 5.1 AI score | 0.00134 EPSS
Exploits 0 | References 1 | Affected Software 2

Tenable Nessus
added 2023/04/17 12:0 a.m. | 29 views

Fortinet Fortigate Lack of certificate verification when establishing secure connections with threat feed fabric connectors (FG-IR-22-257)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-257 advisory. - An improper certificate validation vulnerability CWE-295 in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.7, 6.4 all...

7.4 CVSS | 7.3 AI score | 0.00211 EPSS
Exploits 0 | References 2