Lucene search
+L

53 matches found

openvas
openvas
added 2024/06/12 12:0 a.m.20 views

openSUSE: Security Advisory for python (SUSE-SU-2024:1937-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.6CVSS6.5AI score0.0034EPSS
Exploits0References2
nessus
nessus
added 2024/06/08 12:0 a.m.26 views

SUSE SLES15 Security Update : python-docker (SUSE-SU-2024:1937-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2024:1937-1 advisory. - CVE-2024-35195: Fixed missing certificate verification bsc1224788. Tenable has extracted the preceding description block directly from the...

5.6CVSS6.4AI score0.0034EPSS
Exploits0References4
cve
cve
added 2024/04/10 3:51 p.m.76 views

CVE-2024-31872

CVE-2024-31872 concerns IBM Security Verify Access Appliance (affected: 10.0.0–10.0.7). The root cause, per the sources, is missing certificate validation during deployment of Open Source scripts, enabling a malicious actor to conduct a man-in-the-middle attack. Impact is described as compromisin...

8.1CVSS7.1AI score0.00582EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2024/01/30 12:0 a.m.8 views

PT-2024-14309 · Ylianst · Ylianst Meshcentral

Name of the Vulnerable Software and Affected Versions: Ylianst MeshCentral version 1.1.16 Description: The issue concerns missing SSL certificate validation. Recommendations: For Ylianst MeshCentral version 1.1.16, consider implementing proper SSL certificate validation to mitigate the risk of...

9.8CVSS9.3AI score0.00467EPSS
Exploits0References8
packetstorm
packetstorm
added 2023/12/13 12:0 a.m.417 views

Anveo Mobile User Enumeration / Missing Certificate Validation

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Missing Certificate Validation & User Enumeration product: Anveo Mobile App and Server vulnerable version: Mobile App: 10.0.0.359 / 2016-07-13; Server: 11.0.0.5 fixed...

7.4AI score
Exploits0
osv
osv
added 2023/11/16 6:15 p.m.4 views

PYSEC-2023-243

Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack...

7.4CVSS5.9AI score0.00298EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/04/27 12:0 a.m.5 views

Nanoleaf firmware 信任管理问题漏洞

Nanoleaf firmware is a router firmware from Nanoleaf. A trust management issue vulnerability exists in Nanoleaf firmware version 7.1.1 and prior versions, which stems from a missing SSL certificate. An attacker could exploit this vulnerability to execute arbitrary code via a DHCP hijacking attack...

9.8CVSS8.9AI score0.01124EPSS
Exploits1References4
osv
osv
added 2023/04/10 12:0 a.m.24 views

CVE-2023-25392

Allegro Tech BigFlow 1.6 is vulnerable to Missing SSL Certificate Validation...

5.9CVSS5.9AI score0.00434EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 4:20 a.m.4 views

SUSE CVE-2018-1000500

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...

7.5CVSS8AI score0.02462EPSS
Exploits0References13
susecve
susecve
added 2023/02/15 4:8 a.m.4 views

SUSE CVE-2019-15525

There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1...

8.1CVSS8.3AI score0.00814EPSS
Exploits0References3
redhat
redhat
added 2022/12/07 8:29 p.m.8 views

python-scciclient: missing server certificate verification

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle MITM attacks...

7.4CVSS5.7AI score0.00508EPSS
Exploits0References5
prion
prion
added 2022/04/11 8:15 p.m.23 views

Privilege escalation

In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315...

4.6CVSS6.7AI score0.00082EPSS
Exploits0References1Affected Software1
osv
osv
added 2021/06/17 2:15 p.m.1 views

DEBIAN-CVE-2021-34825

Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system...

7.5CVSS7.2AI score0.00616EPSS
Exploits1References1
mscve
mscve
added 2020/10/25 12:0 a.m.4 views

Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".

...

8.1CVSS8.8AI score0.02462EPSS
Exploits0
pypa
pypa
added 2020/08/27 10:15 p.m.8 views

PYSEC-2020-252

The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName...

9.8CVSS7.1AI score0.00759EPSS
Exploits1References2Affected Software1
osv
osv
added 2020/06/22 6:15 p.m.5 views

CVE-2020-14980

The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation...

5.9CVSS6.2AI score0.01148EPSS
Exploits0References2
osv
osv
added 2020/06/22 6:15 p.m.4 views

CVE-2020-14981

The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation...

5.9CVSS6.2AI score0.00816EPSS
Exploits0References2
nessus
nessus
added 2020/06/18 12:0 a.m.26 views

Palo Alto GlobalProtect Agent 5.0.x < 5.0.10 / 5.1.x < 5.1.4 Missing Certificate Validation

The version of Palo Alto GlobalProtect Agent installed on the remote host is 5.0.x prior to 5.0.10, or 5.1.x prior to 5.1.4. It is, therefore, affected by a missing certificate validation vulnerability. When the pre-logon feature is enabled, a missing certification validation in Palo Alto Network...

5.3CVSS5.8AI score0.00761EPSS
Exploits0References2
paloalto
paloalto
added 2020/06/10 4:0 p.m.52 views

GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie

When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...

5.3CVSS3.1AI score0.00761EPSS
Exploits0References1
veracode
veracode
added 2020/04/10 12:42 a.m.21 views

Denial Of Service (DoS)

NetworkManager is vulnerable to Denial of Service DoS. A missing network certificate verification flaw was found in NetworkManager. If a user created a WPA Enterprise or 802.1x wireless network connection that was verified using a Certificate Authority CA certificate, and then later removed that ...

6.8CVSS2.1AI score0.01897EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder