CWE-300 vulnerabilities

54 results
CVE-2021-21953 (HIGH, EPSS 1.0%): An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A
CVE-2017-6870 (EPSS 0.9%): A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol im
CVE-2017-9941 (EPSS 0.9%): A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle
CVE-2018-13298 (MEDIUM, EPSS 0.9%): Channel accessible by non-endpoint vulnerability in privacy page in Synology Android Moments before 1.2.3-199 allows man-in-the-middle attac
CVE-2023-7008 (MEDIUM, EPSS 0.8%): Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
CVE-2019-14899 (HIGH, EPSS 0.8%): A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user
CVE-2020-11024 (MEDIUM, EPSS 0.8%): Man-in-the-middle attack in Moonlight iOS/tvOS
CVE-2021-31386 (MEDIUM, EPSS 0.7%): Junos OS: When using J-Web with HTTP an attacker may retrieve encryption keys via Person-in-the-Middle attacks.
CVE-2017-6052 (EPSS 0.6%): A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verifie
CVE-2019-0054 (MEDIUM, EPSS 0.6%): Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates.
CVE-2022-22156 (MEDIUM, EPSS 0.5%): Junos OS: Certificate validation is skipped when fetching system scripts from a HTTPS URL
CVE-2024-32049 (HIGH, EPSS 0.5%): BIG-IP Next Central Manager vulnerability
CVE-2023-2310 (MEDIUM, EPSS 0.5%): Channel Accessible by Non-Endpoint
CVE-2025-31214 (HIGH, EPSS 0.5%): This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. An attacker in a privileged net
CVE-2023-32634 (HIGH, EPSS 0.4%): An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An att
CVE-2019-8282 (EPSS 0.4%): Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language pa
CVE-2024-50568 (MEDIUM, EPSS 0.4%): A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before
CVE-2024-50565 (LOW, EPSS 0.3%): A improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in Fortinet FortiOS version 7.4.0 through 7.4.
CVE-2024-31206 (HIGH, EPSS 0.3%): Use of Unencrypted HTTP Request in dectalk-tts
CVE-2024-45407 (MEDIUM, EPSS 0.3%): Sunshine has incorrect state management during pairing process may lead to incorrectly authorized client