Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5909 | 4 Ge, Ptc, Rockwellautomation and 1 more | 8 Industrial Gateway Server, Keepserverex, Opc-aggregator and 5 more | 2024-11-21 | N/A | 7.5 HIGH |
| KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. | |||||
| CVE-2023-5594 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. | |||||
| CVE-2023-5554 | 1 Linecorp | 1 Line | 2024-11-21 | N/A | 4.8 MEDIUM |
| Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | |||||
| CVE-2023-5422 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 8.7 HIGH |
| The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | |||||
| CVE-2023-51837 | 1 Meshcentral | 1 Meshcentral | 2024-11-21 | N/A | 9.8 CRITICAL |
| Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation. | |||||
| CVE-2023-51662 | 1 Snowflake | 1 Snowflake Connector | 2024-11-21 | N/A | 6.0 MEDIUM |
| The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | |||||
| CVE-2023-50949 | 2024-11-21 | N/A | 5.9 MEDIUM | ||
| IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | |||||
| CVE-2023-50454 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A | 5.9 MEDIUM |
| An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. | |||||
| CVE-2023-50356 | 1 Areal-topkapi | 1 Vision Server | 2024-11-21 | N/A | 6.5 MEDIUM |
| SSL connections to some LDAP servers are vulnerable to a man-in-the-middle attack due to improper certificate validation in AREAL Topkapi Vision (Server). This allows a remote unauthenticated attacker to gather sensitive information and prevent valid users from login. | |||||
| CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 4.8 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | |||||
| CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 7.4 HIGH |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | |||||
| CVE-2023-4801 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | N/A | 7.5 HIGH |
| An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. | |||||
| CVE-2023-4586 | 2 Infinispan, Redhat | 2 Hot Rod, Data Grid | 2024-11-21 | N/A | 7.4 HIGH |
| A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. | |||||
| CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2024-11-21 | N/A | 7.5 HIGH |
| A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | |||||
| CVE-2023-49312 | 1 Precisionbridge | 1 Precision Bridge | 2024-11-21 | N/A | 9.1 CRITICAL |
| Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | |||||
| CVE-2023-49247 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2023-48427 | 1 Siemens | 1 Sinec Ins | 2024-11-21 | N/A | 8.1 HIGH |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. | |||||
| CVE-2023-48054 | 1 Localstack | 1 Localstack | 2024-11-21 | N/A | 7.4 HIGH |
| Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | |||||
| CVE-2023-48052 | 1 Httpie | 1 Httpie | 2024-11-21 | N/A | 7.4 HIGH |
| Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | |||||
| CVE-2023-47700 | 1 Ibm | 1 Storage Virtualize | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. | |||||