Total: 1409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2026-06-17 | N/A | 5.9 MEDIUM |
| In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | |||||
| CVE-2024-35140 | 1 Ibm | 1 Security Verify Access Docker | 2026-06-17 | N/A | 7.7 HIGH |
| IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: 292416. | |||||
| CVE-2024-33612 | 1 F5 | 1 Big-ip Next Central Manager | 2026-06-17 | N/A | 6.8 MEDIUM |
| An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2024-33509 | 1 Fortinet | 1 Fortiweb | 2026-06-17 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiWeb 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions and 6.3 all versions may allow a remote and unauthenticated attacker in a Man-in-the-Middle position to decipher and/or tamper with the communication channel between the device and different endpoints used to fetch data for Web Application Firewall (WAF). | |||||
| CVE-2024-32928 | 2 Google, Haxx | 3 Nest Mini, Nest Mini Firmware, Libcurl | 2026-06-17 | N/A | 5.9 MEDIUM |
| The libcurl CURLOPT_SSL_VERIFYPEER option was disabled on a subset of requests made by Nest production devices which enabled a potential man-in-the-middle attack on requests to Google cloud services by any host the traffic was routed through. | |||||
| CVE-2024-32865 | 1 Johnsoncontrols | 1 Exacqvision Server | 2026-06-17 | N/A | 6.4 MEDIUM |
| Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices. | |||||
| CVE-2024-31955 | | | 2026-06-17 | N/A | 4.9 MEDIUM |
| An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information. | |||||
| CVE-2024-31872 | 1 Ibm | 1 Security Verify Access | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. | |||||
| CVE-2024-31871 | 1 Ibm | 1 Security Verify Access | 2026-06-17 | N/A | 7.5 HIGH |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. | |||||
| CVE-2024-31854 | 1 Siemens | 1 Sicam Toolbox Ii | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack. | |||||
| CVE-2024-31853 | 1 Siemens | 1 Sicam Toolbox Ii | 2026-06-17 | N/A | 8.1 HIGH |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check the extended key usage attribute of that device's certificate. This could allow an attacker to execute an on-path network (MitM) attack. | |||||
| CVE-2024-31489 | 1 Fortinet | 1 Forticlient | 2026-06-17 | N/A | 6.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation. | |||||
| CVE-2024-31340 | | | 2026-06-17 | N/A | 4.8 MEDIUM |
| TP-Link Tether versions prior to 4.5.13 and TP-Link Tapo versions prior to 3.3.6 do not properly validate certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | |||||
| CVE-2024-30149 | 1 Hcltech | 1 Appscan Source | 2026-06-17 | N/A | 4.8 MEDIUM |
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | |||||
| CVE-2024-30134 | 1 Hcltech | 1 Traveler For Microsoft Outlook | 2026-06-17 | N/A | 6.7 MEDIUM |
| The HCL Traveler for Microsoft Outlook executable (HTMO.exe) is being flagged as potentially Malicious Software or an Unrecognized Application. | |||||
| CVE-2024-30020 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-06-17 | N/A | 8.1 HIGH |
| Windows Cryptographic Services Remote Code Execution Vulnerability | |||||
| CVE-2024-2379 | 3 Apple, Haxx, Netapp | 20 Macos, Curl, Active Iq Unified Manager and 17 more | 2026-06-17 | N/A | 6.3 MEDIUM |
| libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. | |||||
| CVE-2024-29733 | 1 Apache | 1 Apache-airflow-providers-ftp | 2026-06-17 | N/A | 2.7 LOW |
| Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.create_default_context() during FTP_TLS instantiation is used as mitigation to validate the certificates properly. This issue affects Apache Airflow FTP Provider: before 3.7.0. Users are recommended to upgrade to version 3.7.0, which fixes the issue. | |||||
| CVE-2024-29171 | 1 Dell | 1 Bsafe Ssl-j | 2026-06-17 | N/A | 5.9 MEDIUM |
| Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains an Improper certificate verification vulnerability. A remote attacker could potentially exploit this vulnerability, leading to information disclosure. | |||||
| CVE-2024-29072 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2026-06-17 | N/A | 8.2 HIGH |
| A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege. | |||||
