Export limit exceeded: 352377 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352377 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1422 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11621 | 1 Devolutions | 2 Remote Desktop Manager, Remote Desktop Manager Powershell | 2025-03-28 | 8.8 High |
| Missing certificate validation in Devolutions Remote Desktop Manager on macOS, iOS, Android, Linux allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack. Versions affected are : Remote Desktop Manager macOS 2024.3.9.0 and earlier Remote Desktop Manager Linux 2024.3.2.5 and earlier Remote Desktop Manager Android 2024.3.3.7 and earlier Remote Desktop Manager iOS 2024.3.3.0 and earlier Remote Desktop Manager Powershell 2024.3.6.0 and earlier | ||||
| CVE-2025-1193 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 8.1 High |
| Improper host validation in the certificate validation component in Devolutions Remote Desktop Manager on 2024.3.19 and earlier on Windows allows an attacker to intercept and modify encrypted communications via a man-in-the-middle attack by presenting a certificate for a different host. | ||||
| CVE-2018-11087 | 2 Pivotal Software, Vmware | 2 Spring Advanced Message Queuing Protocol, Rabbitmq Java Client | 2025-03-27 | 5.9 Medium |
| Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. | ||||
| CVE-2023-23131 | 1 Selfwealth | 1 Selfwealth | 2025-03-27 | 7.5 High |
| Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. | ||||
| CVE-2022-45100 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 8.1 High |
| Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. | ||||
| CVE-2022-46496 | 1 Bticino | 1 Door Entry For Hometouch | 2025-03-26 | 5.9 Medium |
| BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. | ||||
| CVE-2022-34404 | 1 Dell | 1 System Update | 2025-03-26 | 6.5 Medium |
| Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. | ||||
| CVE-2024-28872 | 1 Isc | 1 Stork | 2025-03-26 | 8.9 High |
| The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0. | ||||
| CVE-2022-3913 | 1 Rapid7 | 1 Nexpose | 2025-03-26 | 5.3 Medium |
| Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server's FQDN or redirect legitimate traffic to the attacker's server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM. | ||||
| CVE-2022-31733 | 1 Cloudfoundry | 2 Cf-deployment, Diego | 2025-03-25 | 9.1 Critical |
| Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate. | ||||
| CVE-2023-22367 | 1 Ichiranusa | 1 Ichiran | 2025-03-21 | 5.9 Medium |
| Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | ||||
| CVE-2023-34410 | 4 Debian, Fedoraproject, Qt and 1 more | 4 Debian Linux, Fedora, Qt and 1 more | 2025-03-20 | 5.3 Medium |
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | ||||
| CVE-2024-29171 | 1 Dell | 1 Bsafe Ssl-j | 2025-03-19 | 5.9 Medium |
| Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. | ||||
| CVE-2024-41256 | 1 Filestash | 1 Filestash | 2025-03-18 | 5.9 Medium |
| Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly allowing attackers to access sensitive data via a man-in-the-middle attack. | ||||
| CVE-2023-49250 | 1 Apache | 1 Dolphinscheduler | 2025-03-18 | 7.3 High |
| Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server. This issue affects Apache DolphinScheduler: before 3.2.0. Users are recommended to upgrade to version 3.2.1, which fixes the issue. | ||||
| CVE-2022-27890 | 1 Palantir | 1 Atlasdb | 2025-03-18 | 6.3 Medium |
| It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of AtlasDB, the vulnerability was mitigated by other network controls such as two-way TLS when deployed as part of a Palantir platform. Palantir still recommends upgrading to a non-vulnerable version out of an abundance of caution. | ||||
| CVE-2022-48306 | 1 Palantir | 1 Gotham Chat Irc | 2025-03-18 | 5.7 Medium |
| Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. This issue affects: Palantir Palantir Gotham Chat IRC helper versions prior to 30221005.210011.9242. | ||||
| CVE-2022-48307 | 1 Palantir | 1 Magritte-ftp | 2025-03-18 | 6.3 Medium |
| It was discovered that the Magritte-ftp was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. In the case of a successful man in the middle attack on magritte-ftp, an attacker would be able to read and modify network traffic such as authentication tokens or raw data entering a Palantir Foundry stack. | ||||
| CVE-2022-48308 | 1 Palantir | 1 Sls-logging | 2025-03-18 | 6.3 Medium |
| It was discovered that the sls-logging was not verifying hostnames in TLS certificates due to a misuse of the javax.net.ssl.SSLSocketFactory API. A malicious attacker in a privileged network position could abuse this to perform a man-in-the-middle attack. A successful man-in-the-middle attack would allow them to intercept, read, or modify network communications to and from the affected service. | ||||
| CVE-2024-32928 | 2 Google, Haxx | 3 Nest Mini, Nest Mini Firmware, Libcurl | 2025-03-14 | 5.9 Medium |
| The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | ||||