Export limit exceeded: 363504 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51662 | 1 Snowflake | 1 Snowflake Connector | 2024-11-21 | 6 Medium |
| The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5. | ||||
| CVE-2023-50949 | 2024-11-21 | 5.9 Medium | ||
| IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | ||||
| CVE-2023-50463 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 6.5 Medium |
| The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions). | ||||
| CVE-2023-50454 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. | ||||
| CVE-2023-50179 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 4.7 Medium |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors. | ||||
| CVE-2023-50178 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 7.2 High |
| An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud. | ||||
| CVE-2023-4801 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 7.5 High |
| An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected. | ||||
| CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2024-11-21 | 7.5 High |
| A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | ||||
| CVE-2023-49312 | 1 Precisionbridge | 1 Precision Bridge | 2024-11-21 | 9.1 Critical |
| Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | ||||
| CVE-2023-49247 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-48054 | 1 Localstack | 1 Localstack | 2024-11-21 | 7.4 High |
| Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | ||||
| CVE-2023-48052 | 1 Httpie | 1 Httpie | 2024-11-21 | 7.4 High |
| Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | ||||
| CVE-2023-47700 | 1 Ibm | 1 Storage Virtualize | 2024-11-21 | 5.9 Medium |
| IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016. | ||||
| CVE-2023-45613 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 6.8 Medium |
| In JetBrains Ktor before 2.3.5 server certificates were not verified | ||||
| CVE-2023-44463 | 1 Rami | 1 Pretix | 2024-11-21 | 5.3 Medium |
| An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application. | ||||
| CVE-2023-43082 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2024-11-21 | 8.6 High |
| Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the vCenter CA could be spoofed by an attacker who can obtain a CA-signed certificate. | ||||
| CVE-2023-42532 | 1 Samsung | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. | ||||
| CVE-2023-42446 | 1 Powauth | 1 Pow | 2024-11-21 | 6.5 Medium |
| Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated. | ||||
| CVE-2023-42425 | 1 Turing | 2 Edge\+ Evc5fd, Edge\+ Evc5fd Firmware | 2024-11-21 | 9.8 Critical |
| An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. | ||||
| CVE-2023-41890 | 1 Sustainsys | 1 Saml2 | 2024-11-21 | 7.5 High |
| Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible. | ||||