53 matches found
openSUSE: Security Advisory for python (SUSE-SU-2024:1937-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification bsc1224788. Tenable has extracted the preceding description block directly from the...
CVE-2024-31872
CVE-2024-31872 concerns IBM Security Verify Access Appliance (affected: 10.0.0–10.0.7). The root cause, per the sources, is missing certificate validation during deployment of Open Source scripts, enabling a malicious actor to conduct a man-in-the-middle attack. Impact is described as compromisin...
PT-2024-14309 · Ylianst · Ylianst Meshcentral
Name of the Vulnerable Software and Affected Versions: Ylianst MeshCentral version 1.1.16 Description: The issue concerns missing SSL certificate validation. Recommendations: For Ylianst MeshCentral version 1.1.16, consider implementing proper SSL certificate validation to mitigate the risk of...
Anveo Mobile User Enumeration / Missing Certificate Validation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Missing Certificate Validation & User Enumeration product: Anveo Mobile App and Server vulnerable version: Mobile App: 10.0.0.359 / 2016-07-13; Server: 11.0.0.5 fixed...
PYSEC-2023-243
Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...
Nanoleaf firmware 信任管理问题漏洞
Nanoleaf firmware is a router firmware from Nanoleaf. A trust management issue vulnerability exists in Nanoleaf firmware version 7.1.1 and prior versions, which stems from a missing SSL certificate. An attacker could exploit this vulnerability to execute arbitrary code via a DHCP hijacking attack...
CVE-2023-25392
Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...
SUSE CVE-2018-1000500
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...
SUSE CVE-2019-15525
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1...
python-scciclient: missing server certificate verification
A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...
Privilege escalation
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315...
DEBIAN-CVE-2021-34825
Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system...
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
...
PYSEC-2020-252
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName...
CVE-2020-14980
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation...
CVE-2020-14981
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation...
Palo Alto GlobalProtect Agent 5.0.x < 5.0.10 / 5.1.x < 5.1.4 Missing Certificate Validation
The version of Palo Alto GlobalProtect Agent installed on the remote host is 5.0.x prior to 5.0.10, or 5.1.x prior to 5.1.4. It is, therefore, affected by a missing certificate validation vulnerability. When the pre-logon feature is enabled, a missing certification validation in Palo Alto Network...
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
Denial Of Service (DoS)
NetworkManager is vulnerable to Denial of Service DoS. A missing network certificate verification flaw was found in NetworkManager. If a user created a WPA Enterprise or 802.1x wireless network connection that was verified using a Certificate Authority CA certificate, and then later removed that ...