CVE-2024-58018
In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP…
All CVEs associated with "TLS". Page 4/13 • 1449 CVEs.
A curated feed of “TLS”-related CVEs appears below. We currently track 1449 CVEs for this tag (all time). In the last 365 days, 338 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 48% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-295 - Improper Certificate Validation, CWE-400 - Uncontrolled Resource Consumption, CWE-20 - Improper Input Validation.
In our taxonomy, this topic maps to a MODERATE impact class. Crypto or TLS libraries have ecosystem-wide impact. Upgrade, restart dependents, disable legacy protocols, and consider key rotation. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
When AdaCore Ada Web Server 25.0.0 is linked with GnuTLS, the default behaviour of AWS.Client is vulnerable to a man-in-the-middle attack because of lack of verification of an HTTPS server's certific…
In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled, when it reques…
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are alloca…
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full If tcp_bpf_sendmsg() is running while sk msg is full. When sk_m…
In the Linux kernel, the following vulnerability has been resolved: net/tls: fix slab-out-of-bounds bug in decrypt_internal The memory size of tls_ctx->rx.iv for AES128-CCM is 12 setting in tls_set…
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensi…
Brocade SANnav before SANnav 2.3.1b enables weak TLS ciphers on ports 443 and 18082. In case of a successful exploit, an attacker can read Brocade SANnav data stream that includes monitored Brocad…
CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the…
Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_…
2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an update…
mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmweb 11.1.1 and below, a malic…
When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which h…
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. Thi…
A vulnerability in Veeam Updater component allows Man-in-the-Middle attackers to execute arbitrary code on the affected server. This issue occurs due to a failure to properly validate TLS certificate.
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate…
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC cus…
A “Use of a Broken or Risky Cryptographic Algorithm” vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by u…
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided…
An allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to d…
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave serv…
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Move events notifier registration to be after device registration Move pkey change work initialization and cleanup fro…
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery i…
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (S…
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message.
In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in so…
A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attac…
A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, le…
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory spac…
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application.
A Heap buffer overflow in the server-site handshake implementation in Real Time Logic SharkSSL from 09/09/24 and earlier allows a remote attacker to trigger a Denial-of-Service via a malformed TLS Cl…
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga…
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13…
HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable.
Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a `DELETE` request with their current password in a query parameter will…
A vulnerability in the Remote Access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker…
A vulnerability in the TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote atta…
A vulnerability in the SSL VPN feature for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause…
A vulnerability in the TLS processing feature of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series could allow an unauthenticated, remote attacker to cause a denial of ser…
A vulnerability in the VPN and management web servers of the Cisco Adaptive Security Virtual Appliance (ASAv) and Cisco Secure Firewall Threat Defense Virtual (FTDv), formerly Cisco Firepower Threat…
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() On the node of an NFS client, some files saved in the mountpoi…
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, invalid ALPN in TLS/QUIC traffic when JA4 matching/loggin…
Mbed TLS 3.5.x through 3.6.x before 3.6.2 has a buffer underrun in pkwrite when writing an opaque key pair
Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls (specifically, bindings within pico…
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When an HTTP request using TLS/1.3 early data on top of TCP Fast Open or QUIC 0-RTT packets is received and the IP-address-based ac…
An SSL pinning bypass in some eWeLink hardware products allows a local attacker to decrypt TLS communication and extract secrets to clone the device by flashing modified firmware.
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition in…
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an unauthenticated, remote attacker to intercept sensitive information from an affected device.…
According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the T…
Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting…
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may…
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, `<nix/fetchurl.nix>` did not verify TLS certificates on HTTPS connections.…
The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive informa…
Anbox Management Service, in versions 1.17.0 through 1.23.0, does not validate the TLS certificate provided to it by the Anbox Stream Agent. An attacker must be able to machine-in-the-middle the Anbo…
In the Linux kernel, the following vulnerability has been resolved: eventfs: Use list_del_rcu() for SRCU protected list variable Chi Zhiling reported: We found a null pointer accessing in tracef…
Apache Druid allows users with certain permissions to read data from other database systems using JDBC. This functionality allows trusted users to set up Druid lookups or run ingestion tasks. Druid a…
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec RoCE MPV trace call Prevent the call trace below from happening, by not allowing IPsec creation over a slave,…
When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems a…
An improper certificate validation vulnerability in TLS certificate validation allows an attacker on the same network to intercept sensitive credentials during restore operations.
An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in…
An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest…
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not…
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the…
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so th…
A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client con…
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resultin…
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices. This issue affects NetIQ Advance Authent…
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with…
A flaw was found in the openstack-tripleo-common component of the Red Hat OpenStack Platform (RHOSP) director. This vulnerability allows an attacker to deploy potentially compromised container images…
An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper ho…
Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
Ecosystem Agent version 4 < 4.1.5.2597 and Ecosystem Agent version 5 < 5.1.4.2473 did not properly validate SSL/TLS certificates, which could allow a malicious actor to perform a Man-in-the-Middle an…
An issue discovered in the RunHTTPServer function in Gorush v1.18.4 allows attackers to intercept and manipulate data due to use of deprecated TLS version.
A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD tra…
Under certain circumstances the exacqVision Server will not properly validate TLS certificates provided by connected devices.
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
Default configurations in the ShareProofVerifier function of filestash v0.4 causes the application to skip the TLS certificate verification process when sending out email verification codes, possibly…
filestash v0.4 is configured to skip TLS certificate verification when using the FTPS protocol, possibly allowing attackers to execute a man-in-the-middle attack via the Init function of index.go.
goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately lea…
A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes an…
The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the va…
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.64), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.64), SIPROTEC 5 6MD86 (CP2…
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.…
The device is observed to accept deprecated TLS protocols, increasing the risk of cryptographic weaknesses.
In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regul…
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A b…
Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through…
In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may caus…
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb…
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been…
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggere…
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.0 and prior to versions 1.13.7, 1.14.12, and 1.15.6, the output of `cilium-bugtool`…
CrateDB is a distributed SQL database. A high-risk vulnerability has been identified in versions prior to 5.7.2 where the TLS endpoint (port 4200) permits client-initiated renegotiation. In this scen…
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when ses…
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connecti…
In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't…
In the Linux kernel, the following vulnerability has been resolved: tls: fix NULL deref on tls_sw_splice_eof() with empty record syzkaller discovered that if tls_sw_splice_eof() is executed as part…
In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_depende…
In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initia…
In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then c…
SSL/TLS Renegotiation functionality potentially leading to DoS attack vulnerability.
In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path…
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA…
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by se…
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate client…
A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine…
An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identi…
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically…
In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bo…
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experie…
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS connections, which can potentially be leveraged. Implement…