Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/ex_aws/sns.ex, lib/ex_aws/sns/public_key_cache.ex and program routines 'Elixir.ExAws.SNS':verify_message/1, 'Elixir.ExAws.SNS.PublicKeyCache':get/1. 'Elixir.ExAws.SNS':verify_mes…

CVSS: 8.7 · CWE: CWE-295

View on NVD

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a va…

CVSS: 8.1 · CWE: CWE-295

View on NVD

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows forged OCSP responses signed with an expired responder certificate to be accepted as valid. OCSP response verification in pubkey_ocsp:verify_response/5 and pubkey_ocsp:is_authorized_responder/3 in lib/public_key/src/pubkey_ocsp.erl does not check the validity period (notBefore/notAfter) of the OCSP…

CVSS: 3.7 · CWE: CWE-295

View on NVD

An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.

CVSS: 7.0 · CWE: CWE-310

View on NVD

An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code.

CVSS: 8.8 · CWE: CWE-295

View on NVD

Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information tampering.

CVSS: 4.2 · CWE: CWE-295

View on NVD

Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.

CVSS: 6.8 · CWE: CWE-295

View on NVD

Multiple improper certificate validation vulnerabilities in the Palo Alto Networks GlobalProtect™ app enables an attacker to intercept encrypted communications and potentially compromise the endpoint. This can enable a local non-administrative operating system user or an attacker on the same subnet to redirect traffic to an unauthorized server and facilitate the installation of malicious software…

CVSS: 4.9 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can capture sensitive device information. The Prisma Access Agent on macOS, Windows, Linux and iOS are…

CVSS: 6.2 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability in the Palo Alto Networks Prisma SD-WAN ION enables man-in-the-middle (MitM) attacker to impersonate the controller.

CVSS: 5.2 · CWE: CWE-295

View on NVD

"Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notifications between the affected application and the relevant server.

CVSS: 7.4 · CWE: CWE-295

View on NVD

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms and hardcoded keys to decrypt and access stored passwords and 2FA secrets for all users.

CVSS: 8.1 · CWE: CWE-22

View on NVD

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.

CVSS: 7.4 · CWE: CWE-295

View on NVD

An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to impersonate registered Sentry hosts and obtain valid CA-signed client certificates.

CVSS: 8.9 · CWE: CWE-295

View on NVD

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description:  In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validation (by default it is disabled) intending to affect only the Prometheus reporter, the undocumented global side effect c…

CVSS: 4.8 · CWE: CWE-295

View on NVD

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contain(s) an Improper Certificate Validation vulnerability in certificate-based login. A low privileged attacker with remote access could potentially exploit this vulnerabili…

CVSS: 7.2 · CWE: CWE-295

View on NVD

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service en…

CVSS: 9.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a CA-designated responder certificate was cryptographically signed by the issuing CA. Instead, it only checks that the responder ce…

CVSS: 7.4 · CWE: CWE-295

View on NVD

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with…

CVSS: 7.4 · CWE: CWE-295

View on NVD

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are…

CVSS: 4.8 · CWE: CWE-295

View on NVD

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The project was…

CVSS: 3.7 · CWE: CWE-287

View on NVD

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

CVSS: 8.1 · CWE: CWE-295

View on NVD

Improper certificate validation in Devolutions Hub Reporting Service 2025.3.1.1 and earlier allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification.

CVSS: 8.1 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to execute arbitrary code.

CVSS: 7.1 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the application.

CVSS: 5.3 · CWE: CWE-295

View on NVD

Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.

CVSS: 2.5 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

CVSS: 6.7 · CWE: CWE-295

View on NVD

Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to spoof the identity of a signer. Exploitation of this issue requires user interaction.

CVSS: 5.5 · CWE: CWE-295

View on NVD

A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.8, FortiManager 7.2 all versions, FortiManager 7.0 all versions, FortiManager 6.4 all versions may allow a r…

CVSS: 6.9 · CWE: CWE-295

View on NVD

Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows an unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.

CVSS: 6.5 · CWE: CWE-295

View on NVD

Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Cl…

CVSS: 8.1 · CWE: CWE-295

View on NVD

Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.

CVSS: 7.5 · CWE: CWE-295

View on NVD

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests

CVSS: 7.4 · CWE: CWE-295

View on NVD

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options when 'jx_obj.IsSecure' is true

CVSS: 7.4 · CWE: CWE-295

View on NVD

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3.

CVSS: 6.5 · CWE: CWE-295

View on NVD

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options

CVSS: 9.1 · CWE: CWE-295

View on NVD

Improper Certificate Validation vulnerability in Thales SafeNet Agent for Windows Logon on Windows allows Signature Spoofing by Improper Validation.This issue affects SafeNet Agent for Windows Logon: 4.0.0, 4.1.1, 4.1.2.

CVSS: 2.5 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

CVSS: 1.3 · CWE: CWE-295

View on NVD

Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

CVSS: 8.1 · CWE: CWE-295

View on NVD

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

CVSS: 3.7 · CWE: CWE-295

View on NVD

An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communications.  This may compromise the confidentiality and integrity of device-to-cloud communication, enabling manipulation of device data or operations.

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability exists in ToDesktop Builder v0.32.1 This vulnerability allows an unauthenticated, on-path attacker to spoof backend responses by exploiting insufficient certificate validation.

CVSS: 9.8 · CWE: CWE-295

View on NVD

An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges.

CVSS: 7.4 · CWE: CWE-295

View on NVD

This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network could exploit this vulnerability by intercepting network traffic and capturing the credentials transmit…

CVSS: 8.7 · CWE: CWE-319

View on NVD

Weak Encryption Algorithm in StreamPark, The use of an AES cipher in ECB mode and a weak random number generator for encrypting sensitive data, including JWT tokens, may have risked exposing sensitive authentication data This issue affects Apache StreamPark: from 2.0.0 before 2.1.7. Users are recommended to upgrade to version 2.1.7, which fixes the issue.

CVSS: 7.5 · CWE: CWE-327

View on NVD

Improper certificate validation vulnerability exists in 'デジラアプリ' App for iOS prior to ver.80.10.00. If this vulnerability is exploited, a man-in-the-middle attack may allow an attacker to eavesdrop on and/or tamper with an encrypted communication.

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on the device. Devices with automatic updates enabled may already have this patch applied. If not, plea…

CVSS: 7.5 · CWE: CWE-295

View on NVD

Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.

CVSS: 3.1 · CWE: CWE-295

View on NVD

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware vers…

CVSS: 3.7 · CWE: CWE-287

View on NVD

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed.

CVSS: 6.5 · CWE: CWE-434

View on NVD

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.

CVSS: 5.9 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 ( 2025/04/23 ) and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation in Checkmk Exchange plugin Dell Powerscale allows attackers in MitM position to intercept traffic.

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation in Checkmk Exchange plugin VMware vSAN allows attackers in MitM position to intercept traffic.

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation in Checkmk Exchange plugin Freebox v6 agent allows attackers in MitM position to intercept traffic.

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation in Checkmk Exchange plugin BGP Monitoring allows attackers in MitM position to intercept traffic.

CVSS: 4.8 · CWE: CWE-295

View on NVD

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens.

CVSS: 7.3 · CWE: CWE-295

View on NVD

ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of OpenSSL are enforcing some key sizes and those restrictions apply to the users of this gem also."

CVSS: 9.1 · CWE: CWE-326

View on NVD

poco v1.14.1-release was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

CVSS: 7.0 · CWE: CWE-327

View on NVD

jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant…

CVSS: 3.2 · CWE: CWE-326

View on NVD

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TIDAL music streaming application. The issue results from improper certificate validation. An attack…

CVSS: 8.0 · CWE: CWE-295

View on NVD

jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication.

CVSS: 7.0 · CWE: CWE-327

View on NVD

pyjwt v2.10.1 was discovered to contain weak encryption. NOTE: this is disputed by the Supplier because the key length is chosen by the application that uses the library (admittedly, library users may benefit from a minimum value and a mechanism for opting in to strict enforcement).

CVSS: 7.0 · CWE: CWE-311

View on NVD

jwt v5.4.3 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

CVSS: 7.0 · CWE: CWE-326

View on NVD

php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not meant to recommend an outcome for this CVE Record.

CVSS: 6.5 · CWE: CWE-326

View on NVD

IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, and MQ Operator SC2 3.2.0 through 3.2.13 Internet Pass-Thru could allow a malicious user to obtain sensitive information from another TLS session connection by the proxy to the same hostname and port due to improper certificate validation.

CVSS: 5.9 · CWE: CWE-295

View on NVD

Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.

CVSS: 7.4 · CWE: CWE-295

View on NVD

Improper Certificate Validation (CWE-295) in the Controller 7000 OneLink implementation could allow an unprivileged attacker to perform a limited denial of service or perform privileged overrides during the initial configuration of the Controller, there is no risk for Controllers once they are connected. This issue affects Controller 7000: 9.30 prior to vCR9.30.250624a (distributed in 9.30.18…

CVSS: 6.5 · CWE: CWE-295

View on NVD

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network.

CVSS: 6.5 · CWE: CWE-295

View on NVD

A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about th…

CVSS: 3.7 · CWE: CWE-287

View on NVD

An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This exposes HTTPS communications to man-in-the-middle (MITM) attacks.

CVSS: 8.3 · CWE: CWE-295

View on NVD

An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate.

CVSS: 6.5 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers who have gained user access to compromise the security of the system. We have already fixed the vulnerability in the following versions: File Station 5 5.5.6.4791 and later and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

CVSS: 6.7 · CWE: CWE-295

View on NVD

Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows.This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06.

CVSS: 5.3 · CWE: CWE-326

View on NVD

Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when the ssl_verification_mode => full was set.

CVSS: 6.5 · CWE: CWE-295

View on NVD

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.

CVSS: 5.7 · CWE: CWE-295

View on NVD

Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.

CVSS: 3.1 · CWE: CWE-295

View on NVD

Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers.

CVSS: 4.8 · CWE: CWE-296

View on NVD

An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to self sign an ODF document, with a signature untrusted by the target, then modify it to change the signature algorithm to an invalid (or unknown to LibreOffice) algorithm and LibreOffice would incorrectly present such a signature with an unknown algorithm as a valid signature issued by a trusted person Thi…

CVSS: 5.5 · CWE: CWE-295

View on NVD

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7, 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allow remote attackers to write limited files via unspecified vectors.

CVSS: 4.3 · CWE: CWE-295

View on NVD

Improper certificate validation vulnerability in the LDAP utilities in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows man-in-the-middle attackers to hijack the authentication of administrators via unspecified vectors.

CVSS: 7.5 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F.

CVSS: 4.8 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established b…

CVSS: 4.8 · CWE: CWE-295

View on NVD

Improper Certificate Validation (CWE-295) in the Gallagher Milestone Integration Plugin (MIP) permits unauthenticated messages (e.g. alarm events) to be sent to the Plugin. This issue effects Gallagher MIPS Plugin v4.0 prior to v4.0.32, all versions of v3.0 and prior.

CVSS: 7.2 · CWE: CWE-295

View on NVD

Improper Certificate Validation (CWE-295) in the Gallagher Command Centre SALTO integration allowed an attacker to spoof the SALTO server. This issue affects all versions of Gallagher Command Centre prior to 9.20.1043.

CVSS: 8.7 · CWE: CWE-295

View on NVD

An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later

CVSS: 8.8 · CWE: CWE-295

View on NVD

Insecure deserialization and improper certificate validation in Checkmk Exchange plugin check-mk-api prior to 5.8.1

CVSS: 9.8 · CWE: CWE-502

View on NVD

An Improper Certificate Validation vulnerability could allow an authenticated malicious actor with access to UniFi Protect Cameras adjacent network to make unsupported changes to the camera system.

CVSS: 6.4 · CWE: CWE-295

View on NVD

A vulnerability has been identified in APOGEE PXC Series (BACnet) (All versions), APOGEE PXC Series (P2 Ethernet) (All versions), TALON TC Series (BACnet) (All versions). Affected devices contain a weak encryption mechanism based on a hard-coded key. This could allow an attacker to guess or decrypt the password from the cyphertext.

CVSS: 7.5 · CWE: CWE-326

View on NVD

An Improper Certificate Validation on UniFi OS devices, with Identity Enterprise configured, could allow a malicious actor to execute a man-in-the-middle (MitM) attack during application update.

CVSS: 5.9 · CWE: CWE-295

View on NVD