Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-40464 | 1 Beego | 1 Beego | 2024-08-15 | 8.8 High |
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file | ||||
CVE-2023-48052 | 1 Httpie | 1 Httpie | 2024-08-14 | 7.4 High |
Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | ||||
CVE-2022-31105 | 2 Argoproj, Linuxfoundation | 2 Argo Cd, Argo-cd | 2024-08-07 | 8.3 High |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC provider (not the bundled Dex instance), can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. This mitigation only forces certificate validation when the API server handles login flows. It does not force certificate verification when verifying tokens on API calls. | ||||
CVE-2021-21374 | 1 Nim-lang | 1 Nim | 2024-08-03 | 8.1 High |
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. | ||||
CVE-2024-41265 | 1 Linuxfoundation | 1 Cortex | 2024-08-02 | 7.5 High |
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. | ||||
CVE-2024-36755 | 2024-08-02 | 6.8 Medium | ||
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack. | ||||
CVE-2024-41253 | 1 Goframe | 1 Goframe | 2024-08-01 | 7.1 High |
goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component. |
Page 1 of 1.