Total
1005 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38351 | 1 Minitool | 1 Partition Wizard | 2024-02-28 | N/A | 8.1 HIGH |
| MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
| CVE-2023-5554 | 1 Linecorp | 1 Line | 2024-02-28 | N/A | 9.8 CRITICAL |
| Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | |||||
| CVE-2023-46724 | 1 Squid-cache | 1 Squid | 2024-02-28 | N/A | 7.5 HIGH |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | |||||
| CVE-2023-38355 | 1 Minitool | 1 Movie Maker | 2024-02-28 | N/A | 8.1 HIGH |
| MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
| CVE-2023-31421 | 1 Elastic | 4 Apm Server, Elastic Agent, Elastic Beats and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
| It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected. | |||||
| CVE-2023-0430 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
| Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1. | |||||
| CVE-2023-24461 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2024-02-28 | N/A | 5.9 MEDIUM |
| An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2023-25392 | 1 Allegro | 1 Bigflow | 2024-02-28 | N/A | 5.9 MEDIUM |
| Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. | |||||
| CVE-2023-22642 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-28 | N/A | 8.1 HIGH |
| An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. | |||||
| CVE-2023-30222 | 1 4d | 1 Server | 2024-02-28 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. | |||||
| CVE-2023-35142 | 1 Jenkins | 1 Checkmarx | 2024-02-28 | N/A | 8.1 HIGH |
| Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. | |||||
| CVE-2023-31485 | 1 Gitlab\ | 1 \ | 2024-02-28 | N/A | 5.9 MEDIUM |
| GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | |||||
| CVE-2022-39161 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | N/A | 5.3 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. | |||||
| CVE-2022-27644 | 1 Netgear | 48 Cbr40, Cbr40 Firmware, Lbr1020 and 45 more | 2024-02-28 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797. | |||||
| CVE-2023-29000 | 1 Nextcloud | 1 Desktop | 2024-02-28 | N/A | 6.5 MEDIUM |
| The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available. | |||||
| CVE-2023-32994 | 1 Jenkins | 1 Saml Single Sign On | 2024-02-28 | N/A | 3.7 LOW |
| Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections. | |||||
| CVE-2023-30516 | 1 Jenkins | 1 Image Tag Parameter | 2024-02-28 | N/A | 6.5 MEDIUM |
| Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. | |||||
| CVE-2023-0547 | 1 Mozilla | 1 Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
| OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10. | |||||
| CVE-2023-31486 | 2 Http\, Perl | 2 \, Perl | 2024-02-28 | N/A | 8.1 HIGH |
| HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | |||||
| CVE-2023-34414 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 3.1 LOW |
| The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||