Vulnerabilities (CVE)

Filtered by CWE-940
Total: 7 CVEs
Columns: CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3

CVE-2025-42978 | Updated: 2025-07-08 | CVSS v2: N/A | CVSS v3: 3.5 LOW
  The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname used for the connection against the wildcard hostname defined in the certificate received from the remote TLS server. This might lead to the outbound connection being established to a possibly malicious remote TLS server and hence disclose information. Integrity and availability are not impacted.

CVE-2025-25305 | Updated: 2025-02-18 | CVSS v2: N/A | CVSS v3: N/A
  Home Assistant Core is an open source home automation platform that puts local control and privacy first. Affected versions are subject to a potential man-in-the-middle attack due to missing SSL certificate verification in the project codebase and in the third-party libraries it uses. In the past, `aiohttp-session`/`request` had the parameter `verify_ssl` to control SSL certificate verification. This was a boolean value. In `aiohttp` 3.0, this parameter was deprecated in favor of the `ssl` parameter. Only when `ssl` is set to `None` or provided with a correctly configured SSL context does the standard SSL certificate verification happen. When migrating integrations in Home Assistant and libraries used by Home Assistant, in some cases the `verify_ssl` parameter value was just moved to the new `ssl` parameter. This resulted in these integrations and third-party libraries using `request.ssl = True`, which unintentionally turned off SSL certificate verification and opened up a man-in-the-middle attack vector. This issue has been addressed in version 2024.1.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-48387 | Vendors: 1 (Twca) | Products: 1 (Jcicsecuritytool) | Updated: 2024-10-14 | CVSS v2: N/A | CVSS v3: 8.8 HIGH
  TAIWAN-CA (TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. If a user who is running the JCICSecurityTool and has completed identity verification browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.

CVE-2023-41355 | Vendors: 1 (Nokia) | Products: 2 (G-040w-q, G-040w-q Firmware) | Updated: 2024-10-14 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
  The firewall function of the Chunghwa Telecom NOKIA G-040W-Q has an input validation vulnerability in its handling of ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted packet to modify the network routing table, resulting in denial of service or leakage of sensitive information.

CVE-2023-3663 | Vendors: 1 (Codesys) | Products: 1 (Development System) | Updated: 2024-10-02 | CVSS v2: N/A | CVSS v3: 8.8 HIGH
  In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20, a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.

CVE-2022-4800 | Vendors: 1 (Usememos) | Products: 1 (Memos) | Updated: 2023-01-05 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
  Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4848 | Vendors: 1 (Usememos) | Products: 1 (Memos) | Updated: 2023-01-05 | CVSS v2: N/A | CVSS v3: 5.7 MEDIUM
  Improper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.