CWE-295 vulnerabilities
685 results

CVE-2023-49250 | HIGH | Apache DolphinScheduler: Insecure TLS TrustManager used in HttpUtil | EPSS 0.7%
CVE-2022-3761 | — | OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to int | EPSS 0.7%
CVE-2022-33684 | HIGH | Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation | EPSS 0.7%
CVE-2021-21385 | HIGH | Disabled hostname verification and accepting self-signed certificates | EPSS 0.7%
CVE-2022-29222 | MEDIUM | Improper Certificate Validation in Pion DTLS | EPSS 0.7%
CVE-2020-7924 | MEDIUM | Specific command line parameter might result in accepting invalid certificate | EPSS 0.7%
CVE-2026-5787 | HIGH | An Improper Certificate Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker | EPSS 0.7%
CVE-2021-25634 | — | Timestamp Manipulation with Signature Wrapping | EPSS 0.7%
CVE-2026-3336 | HIGH | PKCS7_verify Certificate Chain Validation Bypass in AWS-LC | EPSS 0.7%
CVE-2025-14819 | MEDIUM | OpenSSL partial chain store policy bypass | EPSS 0.7%
CVE-2020-7922 | MEDIUM | Kubernetes Operator generates potentially insecure certificates | EPSS 0.7%
CVE-2024-37865 | MEDIUM | An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compat | EPSS 0.7%
CVE-2023-31485 | MEDIUM | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | EPSS 0.7%
CVE-2021-3698 | — | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Ser | EPSS 0.7%
CVE-2019-7615 | — | A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certifi | EPSS 0.6%
CVE-2022-35898 | CRITICAL | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated u | EPSS 0.6%
CVE-2022-22549 | HIGH | Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit | EPSS 0.6%
CVE-2020-8279 | — | Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | EPSS 0.6%
CVE-2020-26184 | HIGH | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. | EPSS 0.6%
CVE-2022-31105 | HIGH | Argo CD's certificate verification is skipped for connections to OIDC providers | EPSS 0.6%