Total
38 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4295 | 2025-07-25 | N/A | 4.6 MEDIUM | ||
| Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting.This issue affects B2B: before 04.06.2025. | |||||
| CVE-2024-54019 | 1 Fortinet | 1 Forticlient | 2025-07-25 | N/A | 4.8 MEDIUM |
| A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all versions allow an unauthorized attacker to redirect VPN connections via DNS spoofing or another form of redirection. | |||||
| CVE-2025-49015 | 1 Couchbase | 1 .net Sdk | 2025-07-09 | N/A | 4.9 MEDIUM |
| The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of hostnames due to a configuration option that was incorrectly enabled by default. | |||||
| CVE-2024-34447 | 2025-06-17 | N/A | 7.5 HIGH | ||
| An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning. | |||||
| CVE-2025-3501 | 2025-06-09 | N/A | 8.2 HIGH | ||
| A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. | |||||
| CVE-2025-42921 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | N/A | 4.2 MEDIUM |
| In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin | |||||
| CVE-2017-2911 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2017-2912 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 2.6 LOW | 5.9 MEDIUM |
| An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
| CVE-2016-1280 | 1 Juniper | 1 Junos | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 before 14.1X53-D40, 14.2 before 14.2R7, 15.1 before 15.1R4, 15.1X49 before 15.1X49-D20, 15.1X53 before 15.1X53-D60, and 16.1 before 16.1R1 allow remote attackers to bypass an intended certificate validation mechanism via a self-signed certificate with an Issuer name that matches a valid CA certificate enrolled in Junos. | |||||
| CVE-2014-3522 | 4 Apache, Apple, Canonical and 1 more | 4 Subversion, Xcode, Ubuntu Linux and 1 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2024-49782 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | N/A | 6.8 MEDIUM |
| IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification delivery. | |||||
| CVE-2024-32868 | 1 Zitadel | 1 Zitadel | 2025-01-08 | N/A | 6.5 MEDIUM |
| ZITADEL provides users the possibility to use Time-based One-Time-Password (TOTP) and One-Time-Password (OTP) through SMS and Email. While ZITADEL already gives administrators the option to define a `Lockout Policy` with a maximum amount of failed password check attempts, there was no such mechanism for (T)OTP checks. This issue has been patched in version 2.50.0. | |||||
| CVE-2024-2466 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc). | |||||
| CVE-2024-2462 | 2024-11-21 | N/A | N/A | ||
| Allow attackers to intercept or falsify data exchanges between the client and the server | |||||
| CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
| KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | |||||
| CVE-2023-34143 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2024-11-21 | N/A | 5.6 MEDIUM |
| Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02. | |||||
| CVE-2023-24568 | 1 Dell | 1 Networker | 2024-11-21 | N/A | 5.0 MEDIUM |
| Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. | |||||
| CVE-2022-48308 | 1 Palantir | 1 Sls-logging | 2024-11-21 | N/A | 6.3 MEDIUM |
| It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. | |||||
| CVE-2022-48307 | 1 Palantir | 1 Magritte-ftp | 2024-11-21 | N/A | 6.3 MEDIUM |
| It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack. | |||||
| CVE-2022-48306 | 1 Palantir | 1 Gotham Chat Irc | 2024-11-21 | N/A | 5.7 MEDIUM |
| Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242. | |||||