Total
1039 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-28162 | 2024-11-12 | N/A | 4.2 MEDIUM | ||
| In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation. | |||||
| CVE-2019-20461 | 2024-11-08 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side. | |||||
| CVE-2024-51774 | 1 Qbittorrent | 1 Qbittorrent | 2024-11-06 | N/A | 8.1 HIGH |
| qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. | |||||
| CVE-2024-30149 | 2024-11-01 | N/A | 4.8 MEDIUM | ||
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | |||||
| CVE-2024-23273 | 1 Apple | 4 Ipad Os, Iphone Os, Macos and 1 more | 2024-10-30 | N/A | 4.3 MEDIUM |
| This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication. | |||||
| CVE-2024-28067 | 1 Samsung | 2 Exynos Modem 5300, Exynos Modem 5300 Firmware | 2024-10-30 | N/A | 3.7 LOW |
| A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext. | |||||
| CVE-2024-31955 | 2024-10-30 | N/A | 4.9 MEDIUM | ||
| An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information. | |||||
| CVE-2024-28021 | 1 Hitachienergy | 3 Foxman-un, Foxman Un, Unem | 2024-10-29 | N/A | 7.4 HIGH |
| A vulnerability exists in the FOXMAN-UN/UNEM server that affects the message queueing mechanism’s certificate validation. If exploited an attacker could spoof a trusted entity causing a loss of confidentiality and integrity. | |||||
| CVE-2024-39771 | 1 Safie | 4 Qbic Cloud Cc-2\/2l, Qbic Cloud Cc-2\/2l Firmware, Safie One and 1 more | 2024-10-28 | N/A | 6.8 MEDIUM |
| QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack. | |||||
| CVE-2024-37865 | 1 S3browser | 1 S3 Browser | 2024-10-28 | N/A | 5.9 MEDIUM |
| An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component. | |||||
| CVE-2024-43177 | 1 Ibm | 1 Concert | 2024-10-25 | N/A | 9.8 CRITICAL |
| IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute. | |||||
| CVE-2023-49567 | 1 Bitdefender | 1 Total Security | 2024-10-22 | N/A | 6.8 MEDIUM |
| A vulnerability has been identified in the Bitdefender Total Security HTTPS scanning functionality where the product incorrectly checks the site's certificate, which allows an attacker to make MITM SSL connections to an arbitrary site. The product trusts certificates that are issued using the MD5 and SHA1 collision hash functions which allow attackers to create rogue certificates that appear legitimate. | |||||
| CVE-2023-6055 | 1 Bitdefender | 1 Total Security | 2024-10-22 | N/A | 7.4 HIGH |
| A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software fails to properly validate website certificates. Specifically, if a site certificate lacks the "Server Authentication" specification in the Extended Key Usage extension, the product does not verify the certificate's compliance with the site, deeming such certificates as valid. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | |||||
| CVE-2023-6056 | 1 Bitdefender | 1 Total Security | 2024-10-22 | N/A | 7.4 HIGH |
| A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of self-signed certificates. The product is found to trust certificates signed with the RIPEMD-160 hashing algorithm without proper validation, allowing an attacker to establish MITM SSL connections to arbitrary sites. | |||||
| CVE-2023-6057 | 1 Bitdefender | 1 Total Security | 2024-10-22 | N/A | 7.4 HIGH |
| A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate. | |||||
| CVE-2023-49570 | 1 Bitdefender | 1 Total Security | 2024-10-22 | N/A | 7.4 HIGH |
| A vulnerability has been identified in Bitdefender Total Security HTTPS scanning functionality where the software trusts a certificate issued by an entity that isn't authorized to issue certificates. This occurs when the "Basic Constraints" extension in the certificate indicates that it is meant to be an "End Entity”. This flaw could allow an attacker to perform a Man-in-the-Middle (MITM) attack, intercepting and potentially altering communications between the user and the website. | |||||
| CVE-2023-6058 | 1 Bitdefender | 1 Total Security | 2024-10-22 | N/A | 6.8 MEDIUM |
| A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications. | |||||
| CVE-2024-47241 | 2024-10-21 | N/A | 5.5 MEDIUM | ||
| Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.24, contains an Improper Certificate Validation vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized access and modification of transmitted data. | |||||
| CVE-2018-8034 | 4 Apache, Canonical, Debian and 1 more | 4 Tomcat, Ubuntu Linux, Debian Linux and 1 more | 2024-10-21 | 5.0 MEDIUM | 7.5 HIGH |
| The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88. | |||||
| CVE-2024-43550 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-10-17 | N/A | 7.4 HIGH |
| Windows Secure Channel Spoofing Vulnerability | |||||