Total: 1411 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38355 | 1 Minitool | 1 Movie Maker | 2026-06-17 | N/A | 8.1 HIGH |
| MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
| CVE-2023-38354 | 1 Minitool | 1 Shadowmaker | 2026-06-17 | N/A | 8.1 HIGH |
| MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
| CVE-2023-38353 | 1 Minitool | 1 Power Data Recovery | 2026-06-17 | N/A | 5.9 MEDIUM |
| MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. | |||||
| CVE-2023-38352 | 1 Minitool | 1 Partition Wizard | 2026-06-17 | N/A | 8.1 HIGH |
| MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
| CVE-2023-38351 | 1 Minitool | 1 Partition Wizard | 2026-06-17 | N/A | 8.1 HIGH |
| MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
| CVE-2023-38325 | 1 Cryptography.io | 1 Cryptography | 2026-06-17 | N/A | 7.5 HIGH |
| The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. | |||||
| CVE-2023-38009 | 3 Apple, Google, Ibm | 3 Iphone Os, Android, Cognos Analytics | 2026-06-17 | N/A | 4.2 MEDIUM |
| IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. | |||||
| CVE-2023-35845 | 2 Anaconda, Linux | 2 Anaconda3, Linux Kernel | 2026-06-17 | N/A | 4.7 MEDIUM |
| Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected. | |||||
| CVE-2023-35721 | 1 Netgear | 2 Rax50, Rax50 Firmware | 2026-06-17 | N/A | 8.8 HIGH |
| NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981. | |||||
| CVE-2023-35142 | 1 Jenkins | 1 Checkmarx | 2026-06-17 | N/A | 8.1 HIGH |
| Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default. | |||||
| CVE-2023-34414 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-06-17 | N/A | 3.1 LOW |
| The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12. | |||||
| CVE-2023-34410 | 3 Debian, Fedoraproject, Qt | 3 Debian Linux, Fedora, Qt | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a chain is a configured CA certificate. | |||||
| CVE-2023-34143 | 3 Hitachi, Linux, Microsoft | 3 Device Manager, Linux Kernel, Windows | 2026-06-17 | N/A | 5.6 MEDIUM |
| Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack. This issue affects Hitachi Device Manager: before 8.8.5-02. | |||||
| CVE-2023-33861 | 2 Ibm, Linux | 2 Security Qradar Edr, Linux Kernel | 2026-06-17 | N/A | 6.5 MEDIUM |
| IBM Security ReaQta EDR 3.12 could allow an attacker to spoof a trusted entity by interfering with the communication path between the host and client. | |||||
| CVE-2023-33760 | 1 Splicecom | 1 Maximiser Soft Pbx | 2026-06-17 | N/A | 5.3 MEDIUM |
| SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack. | |||||
| CVE-2023-33757 | 1 Splicecom | 2 Ipcs, Ipcs2 | 2026-06-17 | N/A | 5.9 MEDIUM |
| A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack. | |||||
| CVE-2023-33295 | 1 Cohesity | 1 Cohesity Dataplatform | 2026-06-17 | N/A | 6.5 MEDIUM |
| Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have an incorrect access control vulnerability due to a lack of TLS Certificate Validation. | |||||
| CVE-2023-33201 | 1 Bouncycastle | 1 Bc-java | 2026-06-17 | N/A | 5.3 MEDIUM |
| Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. | |||||
| CVE-2023-32994 | 1 Jenkins | 1 Saml Single Sign On | 2026-06-17 | N/A | 3.7 LOW |
| Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections. | |||||
| CVE-2023-32464 | 1 Dell | 90 Vxrail D560, Vxrail D560 Firmware, Vxrail D560f and 87 more | 2026-06-17 | N/A | 2.7 LOW |
| Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | |||||
