Total: 1042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-43882 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL | Microsoft Defender for IoT Remote Code Execution Vulnerability |
CVE-2020-28972 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2023-12-21 | 4.3 MEDIUM | 5.9 MEDIUM | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. |
CVE-2023-6680 | 1 Gitlab | 1 Gitlab | 2023-12-19 | N/A | 8.1 HIGH | An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker to authenticate as another user given their public key if they use Smartcard authentication. Smartcard authentication is an experimental feature and has to be manually enabled by an administrator. |
CVE-2009-4123 | 1 Jruby | 1 Jruby-openssl | 2023-12-14 | N/A | 7.5 HIGH | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. |
CVE-2023-48427 | 1 Siemens | 1 Sinec Ins | 2023-12-14 | N/A | 9.8 CRITICAL | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. |
CVE-2023-30222 | 1 4d | 1 Server | 2023-12-14 | N/A | 7.5 HIGH | An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. |
CVE-2023-50454 | 1 Zammad | 1 Zammad | 2023-12-13 | N/A | 5.9 MEDIUM | An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. |
CVE-2023-49247 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-12 | N/A | 7.5 HIGH | Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. |
CVE-2023-4586 | 2 Infinispan, Redhat | 2 Hot Rod, Data Grid | 2023-12-06 | N/A | 7.4 HIGH | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. |
CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2023-12-06 | N/A | 7.5 HIGH | KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. |
CVE-2023-49312 | 1 Precisionbridge | 1 Precision Bridge | 2023-11-30 | N/A | 9.1 CRITICAL | Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. |
CVE-2023-43082 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2023-11-30 | N/A | 5.9 MEDIUM | Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. |
CVE-2022-36881 | 1 Jenkins | 1 Git Client | 2023-11-22 | N/A | 8.1 HIGH | Jenkins Git client Plugin 3.11.0 and earlier does not perform SSH host key verification when connecting to Git repositories via SSH, enabling man-in-the-middle attacks. |
CVE-2023-48054 | 1 Localstack | 1 Localstack | 2023-11-22 | N/A | 7.4 HIGH | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. |
CVE-2017-14419 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-11-17 | 4.3 MEDIUM | 5.9 MEDIUM | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. |
CVE-2017-14420 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-11-17 | 4.3 MEDIUM | 5.9 MEDIUM | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
CVE-2022-28142 | 1 Jenkins | 1 Proxmox | 2023-11-17 | 4.3 MEDIUM | 7.5 HIGH | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally for the Jenkins controller JVM when configured to ignore SSL/TLS issues. |
CVE-2023-42532 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.5 HIGH | Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. |
CVE-2023-42425 | 1 Turing | 2 Edge+ Evc5fd, Edge+ Evc5fd Firmware | 2023-11-09 | N/A | 9.8 CRITICAL | An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. |
CVE-2021-39359 | 2 Fedoraproject, Gnome | 2 Fedora, Libgda | 2023-11-07 | 4.3 MEDIUM | 5.9 MEDIUM | In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |