Falhas do tipo CWE-295

685 resultados
CVE-2019-1757Cisco IOS and IOS XE Software Smart Call Home Certificate Validation VulnerabilityEPSS 1.1%CVE-2021-22895Nextcloud Desktop Client before 3.3.1 is vulnerable to improper certificate validation due to lack of SSL certificate verification when usinEPSS 1.0%CVE-2017-2623MEDIUMIt was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering.EPSS 1.0%CVE-2022-32531MEDIUMApache BookKeeper: Java Client Uses Connection to Host that Failed Hostname VerificationEPSS 1.0%CVE-2021-40713MEDIUMAdobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle AttackEPSS 1.0%CVE-2019-3890HIGHIt was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confEPSS 1.0%CVE-2022-26305Execution of Untrusted Macros Due to Improper Certificate ValidationEPSS 1.0%CVE-2018-0334A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility CEPSS 1.0%CVE-2019-1590HIGHCisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication VulnerabilityEPSS 1.0%CVE-2017-13083MEDIUMAkeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attEPSS 1.0%CVE-2017-2649It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active DirectorEPSS 1.0%CVE-2016-10534electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strEPSS 1.0%CVE-2022-46496MEDIUMBTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.EPSS 0.9%CVE-2005-3170MEDIUMThe LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even wEPSS 0.9%CVE-2020-8156A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.EPSS 0.9%CVE-2022-42813CRITICALA certificate validation issue existed in the handling of WKWebView. This issue was addressed with improved validation. This issue is fixed EPSS 0.9%CVE-2020-15133HIGHMissing TLS certificate verification in Faye WebsocketEPSS 0.9%CVE-2022-0759A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsEPSS 0.9%CVE-2022-20814HIGHCisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation VulnerabilityEPSS 0.9%CVE-2019-1683MEDIUMCisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation VulnerabilityEPSS 0.9%