Total
1114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-29050 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-01-16 | N/A | 8.4 HIGH |
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
| CVE-2023-1664 | 1 Redhat | 5 Build Of Quarkus, Jboss A-mq, Keycloak and 2 more | 2025-01-15 | N/A | 6.5 MEDIUM |
| A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable. | |||||
| CVE-2023-28321 | 5 Apple, Debian, Fedoraproject and 2 more | 14 Macos, Debian Linux, Fedora and 11 more | 2025-01-15 | N/A | 5.9 MEDIUM |
| An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | |||||
| CVE-2020-27648 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 6.8 MEDIUM | 8.3 HIGH |
| Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2024-54849 | 2025-01-13 | N/A | 5.9 MEDIUM | ||
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | |||||
| CVE-2024-54848 | 2025-01-13 | N/A | 7.4 HIGH | ||
| Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | |||||
| CVE-2024-54847 | 2025-01-13 | N/A | 5.9 MEDIUM | ||
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | |||||
| CVE-2024-54846 | 2025-01-13 | N/A | 5.9 MEDIUM | ||
| An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | |||||
| CVE-2023-0547 | 1 Mozilla | 1 Thunderbird | 2025-01-10 | N/A | 6.5 MEDIUM |
| OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | |||||
| CVE-2023-0430 | 1 Mozilla | 1 Thunderbird | 2025-01-10 | N/A | 6.5 MEDIUM |
| Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | |||||
| CVE-2025-20126 | 2025-01-08 | N/A | 4.8 MEDIUM | ||
| A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | |||||
| CVE-2024-5445 | 2025-01-07 | N/A | 3.8 LOW | ||
| Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle and intercept traffic between the agent and N-able servers from a privileged network position. | |||||
| CVE-2024-40702 | 2025-01-07 | N/A | 8.2 HIGH | ||
| IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | |||||
| CVE-2023-51634 | 1 Netgear | 2 Rax30, Rax30 Firmware | 2025-01-03 | N/A | 7.5 HIGH |
| NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | |||||
| CVE-2023-35142 | 1 Jenkins | 1 Checkmarx | 2025-01-02 | N/A | 8.1 HIGH |
| Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. | |||||
| CVE-2023-47742 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-12-23 | N/A | 5.9 MEDIUM |
| IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533. | |||||
| CVE-2024-38861 | 1 Tomtretbar | 1 Mikrotik | 2024-12-20 | N/A | 7.4 HIGH |
| Improper Certificate Validation in Checkmk Exchange plugin MikroTik allows attackers in MitM position to intercept traffic. This issue affects MikroTik: from 2.0.0 through 2.5.5, from 0.4a_mk through 2.0a. | |||||
| CVE-2024-47119 | 2024-12-18 | N/A | 5.9 MEDIUM | ||
| IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | |||||
| CVE-2024-0042 | 1 Google | 1 Android | 2024-12-17 | N/A | 7.8 HIGH |
| In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-40104 | 1 Google | 1 Android | 2024-12-16 | N/A | 7.5 HIGH |
| In ca-certificates, there is a possible way to read encrypted TLS data due to untrusted cryptographic certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||