CWE-295 flaws

672 results
CVE-2015-4000 (LOW, EPSS 99.9%): The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_E

CVE-2020-0601 (HIGH, EPSS 89.4%, KEV): A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attac

CVE-2022-26923 (HIGH, EPSS 83.3%, KEV): Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2023-27823 (CRITICAL, EPSS 52.5%): An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.

CVE-2018-8034 (HIGH, EPSS 21.3%): The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tom

CVE-2019-15604 (EPSS 20.5%): Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

CVE-2021-22939 (EPSS 14.7%): If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned an

CVE-2021-44533 (EPSS 9.4%): Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could cra

CVE-2021-44531 (EPSS 8.4%): Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in b

CVE-2020-9488 (LOW, EPSS 7.8%): Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted

CVE-2026-50752 (HIGH, EPSS 4.9%): Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

CVE-2020-8289 (EPSS 4.7%): Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit`

CVE-2020-8286 (EPSS 4.6%): curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP respon

CVE-2023-41991 (MEDIUM, EPSS 4.5%, KEV): A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be ab

CVE-2020-3342 (HIGH, EPSS 3.8%): Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability

CVE-2023-0464 (HIGH, EPSS 3.7%): Excessive Resource Usage Verifying X.509 Policy Constraints

CVE-2012-2993 (MEDIUM, EPSS 3.6%): Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-

CVE-2017-7562 (MEDIUM, EPSS 3.3%): An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A

CVE-2024-51774 (HIGH, EPSS 3.3%): qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors.

CVE-2020-35662 (HIGH, EPSS 3.0%): In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.