Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1907 vulnerabilities reference this CWE, most recent first.

CVE-2024-52510 (GCVE-0-2024-52510)

Vulnerability from cvelistv5 – Published: 2024-11-15 17:29 – Updated: 2024-11-15 18:20
VLAI
Title
Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty
Summary
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
nextcloud security-advisories Affected: >= 3.0.0, < 3.14.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52510",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T18:19:59.060560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T18:20:10.869Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.14.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T17:29:44.840Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v"
        },
        {
          "name": "https://github.com/nextcloud/desktop/pull/7333",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/desktop/pull/7333"
        },
        {
          "name": "https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7"
        },
        {
          "name": "https://hackerone.com/reports/2597504",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2597504"
        }
      ],
      "source": {
        "advisory": "GHSA-r4qc-m9mj-452v",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52510",
    "datePublished": "2024-11-15T17:29:44.840Z",
    "dateReserved": "2024-11-11T18:49:23.558Z",
    "dateUpdated": "2024-11-15T18:20:10.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52330 (GCVE-0-2024-52330)

Vulnerability from cvelistv5 – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI
Title
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates
Summary
ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
ECOVACS DEEBOT X5 PRO PLUS Unaffected: 1.38.0
Affected: 0 , < 1.38.0 (custom)
Create a notification for this product.
ECOVACS DEEBOT X5 PRO Unaffected: 1.70.0
Affected: 0 , < 1.70.0 (custom)
Create a notification for this product.
ECOVACS DEEBOT X2S Affected: 0 , < 1.49.0 (custom)
Unaffected: 1.49.0
Create a notification for this product.
ECOVACS DEEBOT X2 OMNI Unaffected: 1.76.6
Affected: 0 , < 1.76.6 (custom)
Create a notification for this product.
ECOVACS DEEBOT X1 TURBO Affected: 0 , < 2.4.41 (custom)
Unaffected: 2.4.41
Create a notification for this product.
ECOVACS DEEBOT X1 Unaffected: 1.7.3
Affected: 0 , < 1.7.3 (custom)
Create a notification for this product.
ECOVACS DEEBOT X1S PRO Unaffected: 2.5.31
Affected: 0 , < 2.5.31 (custom)
Create a notification for this product.
ECOVACS DEEBOT X1e OMNI Unaffected: 2.4.42
Affected: 0 , < 2.4.42 (custom)
Create a notification for this product.
ECOVACS DEEBOT T10 PLUS Unaffected: 1.7.5
Affected: 0 , < 1.7.5 (custom)
Create a notification for this product.
ECOVACS DEEBOT T10 OMNI Affected: 0 , < 1.9.0 (custom)
Unaffected: 1.9.0
Create a notification for this product.
ECOVACS DEEBOT X5 PRO ULTRA Affected: 0 , < 1.17.0 (custom)
Unaffected: 1.17.0
Create a notification for this product.
ECOVACS Mate X Unaffected: 1.44.18
Affected: 0 , < 1.44.18 (custom)
Create a notification for this product.
ECOVACS DEEBOT X2 PRO Unaffected: 1.76.6
Affected: 0 , < 1.76.6 (custom)
Create a notification for this product.
ECOVACS DEEBOT X2 COMBO Affected: 0 , < 1.81.10 (custom)
Unaffected: 1.81.10
Create a notification for this product.
ECOVACS DEEBOT X1 OMNI Affected: 0 , < 2.4.41 (custom)
Unaffected: 2.4.41
Create a notification for this product.
ECOVACS DEEBOT X1 PRO OMNI Unaffected: 2.4.41
Affected: 0 , < 2.4.41 (custom)
Create a notification for this product.
ECOVACS DEEBOT X1 PLUS Unaffected: 1.7.3
Affected: 0 , < 1.7.3 (custom)
Create a notification for this product.
ECOVACS DEEBOT X1S PRO PLUS Unaffected: 1.23.0
Affected: 0 , < 1.23.0 (custom)
Create a notification for this product.
ECOVACS DEEBOT T10 TURBO Unaffected: 1.10.0
Affected: 0 , < 1.10.0 (custom)
Create a notification for this product.
ECOVACS DEEBOT T10 Affected: 0 , < 1.7.5 (custom)
Unaffected: 1.7.5
Create a notification for this product.
Date Public
2023-12-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52330",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T16:56:31.855219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:41:28.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X5 PRO PLUS",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.38.0"
            },
            {
              "lessThan": "1.38.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X5 PRO",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.70.0"
            },
            {
              "lessThan": "1.70.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X2S",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "1.49.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.49.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X2  OMNI",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.76.6"
            },
            {
              "lessThan": "1.76.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1 TURBO",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "2.4.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.4.41"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.7.3"
            },
            {
              "lessThan": "1.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1S PRO",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "2.5.31"
            },
            {
              "lessThan": "2.5.31",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1e OMNI",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "2.4.42"
            },
            {
              "lessThan": "2.4.42",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT T10 PLUS",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.7.5"
            },
            {
              "lessThan": "1.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT T10 OMNI",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "1.9.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.9.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X5 PRO ULTRA",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "1.17.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.17.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Mate X",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.44.18"
            },
            {
              "lessThan": "1.44.18",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X2 PRO",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.76.6"
            },
            {
              "lessThan": "1.76.6",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X2 COMBO",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "1.81.10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.81.10"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1 OMNI",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "2.4.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "2.4.41"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1 PRO OMNI",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "2.4.41"
            },
            {
              "lessThan": "2.4.41",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1 PLUS",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.7.3"
            },
            {
              "lessThan": "1.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT X1S PRO PLUS",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.23.0"
            },
            {
              "lessThan": "1.23.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT T10 TURBO",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "1.10.0"
            },
            {
              "lessThan": "1.10.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "DEEBOT T10",
          "vendor": "ECOVACS",
          "versions": [
            {
              "lessThan": "1.7.5",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "1.7.5"
            }
          ]
        }
      ],
      "datePublic": "2023-12-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        },
        {
          "cvssV4_0": {
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-23T16:36:50.128Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
        },
        {
          "name": "url",
          "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
        },
        {
          "name": "url",
          "url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
        }
      ],
      "title": "ECOVACS lawnmowers and vacuums do not properly validate TLS certificates"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-52330",
    "datePublished": "2025-01-23T16:36:50.128Z",
    "dateReserved": "2024-11-08T01:06:02.405Z",
    "dateUpdated": "2025-02-12T20:41:28.969Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-52329 (GCVE-0-2024-52329)

Vulnerability from cvelistv5 – Published: 2025-01-23 16:36 – Updated: 2025-02-12 20:41
VLAI
Title
ECOVACS HOME mobile app plugins do not properly validate TLS certificates
Summary
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
ECOVACS ECOVACS HOME Unaffected: 3.0.0
Affected: 0 , < 3.0.0 (custom)
Create a notification for this product.
Date Public
2023-12-27 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52329",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T16:56:47.220852Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:41:29.110Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "ECOVACS HOME",
          "vendor": "ECOVACS",
          "versions": [
            {
              "status": "unaffected",
              "version": "3.0.0"
            },
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-12-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 9.5,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-23T16:36:06.533Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "name": "url",
          "url": "https://dontvacuum.me/talks/HITCON2024/HITCON-CMT-2024_Ecovacs.pdf"
        },
        {
          "name": "url",
          "url": "https://dontvacuum.me/talks/37c3-2023/37c3-vacuuming-and-mowing.pdf"
        },
        {
          "name": "url",
          "url": "https://www.ecovacs.com/global/userhelp/dsa20241217001"
        }
      ],
      "title": "ECOVACS HOME mobile app plugins do not properly validate TLS certificates"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-52329",
    "datePublished": "2025-01-23T16:36:06.533Z",
    "dateReserved": "2024-11-08T01:06:02.405Z",
    "dateUpdated": "2025-02-12T20:41:29.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-50394 (GCVE-0-2024-50394)

Vulnerability from cvelistv5 – Published: 2025-03-07 16:13 – Updated: 2025-03-07 18:02
VLAI
Title
Helpdesk
Summary
An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. Helpdesk Affected: 3.3.x , < 3.3.3 (custom)
Create a notification for this product.
Credits
Corentin '@OnlyTheDuck' BAYET
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-50394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-07T18:02:47.089947Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-07T18:02:58.278Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Helpdesk",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "3.3.3",
              "status": "affected",
              "version": "3.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Corentin \u0027@OnlyTheDuck\u0027 BAYET"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following version:\u003cbr\u003eHelpdesk 3.3.3 and later\u003cbr\u003e"
            }
          ],
          "value": "An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nHelpdesk 3.3.3 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-475",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-475"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-07T16:13:11.034Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-25-05"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following version:\u003cbr\u003eHelpdesk 3.3.3 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following version:\nHelpdesk 3.3.3 and later"
        }
      ],
      "source": {
        "advisory": "QSA-25-05",
        "discovery": "EXTERNAL"
      },
      "title": "Helpdesk",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-50394",
    "datePublished": "2025-03-07T16:13:11.034Z",
    "dateReserved": "2024-10-24T03:41:08.489Z",
    "dateUpdated": "2025-03-07T18:02:58.278Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-49369 (GCVE-0-2024-49369)

Vulnerability from cvelistv5 – Published: 2024-11-12 16:44 – Updated: 2025-11-03 22:22
VLAI
Title
Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Summary
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
Icinga icinga2 Affected: >= 2.4.0, < 2.11.12
Affected: >= 2.12.0, < 2.12.11
Affected: >= 2.13.0, < 2.13.10
Affected: >= 2.14.0, < 2.14.3
Create a notification for this product.
icinga icinga_web_2 Affected: 2.4.0 , < 2.11.12 (custom)
Affected: 2.12.0 , < 2.12.11 (custom)
Affected: 2.13.0 , < 2.13.10 (custom)
Affected: 2.14.0 , < 2.14.3 (custom)
    cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:icinga:icinga_web_2:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "icinga_web_2",
            "vendor": "icinga",
            "versions": [
              {
                "lessThan": "2.11.12",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.12.11",
                "status": "affected",
                "version": "2.12.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.13.10",
                "status": "affected",
                "version": "2.13.0",
                "versionType": "custom"
              },
              {
                "lessThan": "2.14.3",
                "status": "affected",
                "version": "2.14.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49369",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T17:01:31.893265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T17:06:41.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:22:15.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "icinga2",
          "vendor": "Icinga",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.4.0, \u003c 2.11.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.12.0, \u003c 2.12.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.13.0, \u003c 2.13.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.14.0, \u003c 2.14.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T16:44:01.713Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Icinga/icinga2/security/advisories/GHSA-j7wq-r9mg-9wpv"
        },
        {
          "name": "https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga2/commit/0419a2c36de408e9a703aec0962061ec9a285d3c"
        },
        {
          "name": "https://github.com/Icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga2/commit/2febc5e18ae0c93d989e64ebc2a9fd90e7205ad8"
        },
        {
          "name": "https://github.com/Icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga2/commit/3504fc7ed688c10d86988e2029a65efc311393fe"
        },
        {
          "name": "https://github.com/Icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga2/commit/869a7d6f0fe38c748e67bacc1fbdd42c933030f6"
        },
        {
          "name": "https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Icinga/icinga2/commit/8fed6608912c752b337d977f730547875a820831"
        },
        {
          "name": "https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3"
        }
      ],
      "source": {
        "advisory": "GHSA-j7wq-r9mg-9wpv",
        "discovery": "UNKNOWN"
      },
      "title": "Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-49369",
    "datePublished": "2024-11-12T16:44:01.713Z",
    "dateReserved": "2024-10-14T13:56:34.811Z",
    "dateUpdated": "2025-11-03T22:22:15.314Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-48915 (GCVE-0-2024-48915)

Vulnerability from cvelistv5 – Published: 2024-10-15 17:12 – Updated: 2024-11-21 16:53
VLAI
Title
Agent Dart missing certificate verification checks
Summary
Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
AstroxNetwork agent_dart Affected: < 1.0.0-dev.29
Create a notification for this product.
astroxnetwork agent_dart Affected: 0 , < 1.0.0-dev.29 (custom)
    cpe:2.3:a:astroxnetwork:agent_dart:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:astroxnetwork:agent_dart:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agent_dart",
            "vendor": "astroxnetwork",
            "versions": [
              {
                "lessThan": "1.0.0-dev.29",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T18:52:37.058890Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:53:44.140Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "agent_dart",
          "vendor": "AstroxNetwork",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.0-dev.29"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren\u0027t verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate\u2019s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T17:12:31.400Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/AstroxNetwork/agent_dart/security/advisories/GHSA-fmj7-7gfw-64pg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/AstroxNetwork/agent_dart/security/advisories/GHSA-fmj7-7gfw-64pg"
        },
        {
          "name": "https://github.com/AstroxNetwork/agent_dart/commit/0d200686aabcd9313c7bc3e675cbdc82f6b775cf",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AstroxNetwork/agent_dart/commit/0d200686aabcd9313c7bc3e675cbdc82f6b775cf"
        },
        {
          "name": "https://github.com/AstroxNetwork/agent_dart/blob/f50971dfae3f536c1720f0084f28afbcf5d99cb5/lib/agent/certificate.dart#L162",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AstroxNetwork/agent_dart/blob/f50971dfae3f536c1720f0084f28afbcf5d99cb5/lib/agent/certificate.dart#L162"
        },
        {
          "name": "https://github.com/AstroxNetwork/agent_dart/blob/main/lib/agent/certificate.dart",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/AstroxNetwork/agent_dart/blob/main/lib/agent/certificate.dart"
        }
      ],
      "source": {
        "advisory": "GHSA-fmj7-7gfw-64pg",
        "discovery": "UNKNOWN"
      },
      "title": "Agent Dart missing certificate verification checks"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-48915",
    "datePublished": "2024-10-15T17:12:31.400Z",
    "dateReserved": "2024-10-09T22:06:46.172Z",
    "dateUpdated": "2024-11-21T16:53:44.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48865 (GCVE-0-2024-48865)

Vulnerability from cvelistv5 – Published: 2024-12-06 16:36 – Updated: 2024-12-06 19:38
VLAI
Title
QTS, QuTS hero
Summary
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
QNAP Systems Inc. QTS Affected: 5.1.x , < 5.1.9.2954 build 20241120 (custom)
Affected: 5.2.x , < 5.2.2.2950 build 20241114 (custom)
Create a notification for this product.
QNAP Systems Inc. QuTS hero Affected: h5.1.x , < h5.1.9.2954 build 20241120 (custom)
Affected: h5.2.x , < h5.2.2.2952 build 20241116 (custom)
Create a notification for this product.
qnap qts Affected: 5.1.x , < 5.1.9.2954 build 20241120 (custom)
Affected: 5.2.x , < 5.2.2.2950 build 20241114 (custom)
    cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
Create a notification for this product.
qnap quts_hero Affected: h5.1.x , < h5.1.9.2954 build 20241120 (custom)
Affected: h5.2.x , < h5.2.2.2952 build 20241116 (custom)
    cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Pwn2Own 2024 - ExLuck of ANHTUD
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "qts",
            "vendor": "qnap",
            "versions": [
              {
                "lessThan": "5.1.9.2954 build 20241120",
                "status": "affected",
                "version": "5.1.x",
                "versionType": "custom"
              },
              {
                "lessThan": "5.2.2.2950 build 20241114",
                "status": "affected",
                "version": "5.2.x",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "quts_hero",
            "vendor": "qnap",
            "versions": [
              {
                "lessThan": "h5.1.9.2954 build 20241120",
                "status": "affected",
                "version": "h5.1.x",
                "versionType": "custom"
              },
              {
                "lessThan": "h5.2.2.2952 build 20241116",
                "status": "affected",
                "version": "h5.2.x",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48865",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-06T19:27:45.106148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-06T19:38:27.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "QTS",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "5.1.9.2954 build 20241120",
              "status": "affected",
              "version": "5.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "5.2.2.2950 build 20241114",
              "status": "affected",
              "version": "5.2.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "QuTS hero",
          "vendor": "QNAP Systems Inc.",
          "versions": [
            {
              "lessThan": "h5.1.9.2954 build 20241120",
              "status": "affected",
              "version": "h5.1.x",
              "versionType": "custom"
            },
            {
              "lessThan": "h5.2.2.2952 build 20241116",
              "status": "affected",
              "version": "h5.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pwn2Own 2024 - ExLuck of ANHTUD"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.\u003cbr\u003e\u003cbr\u003eWe have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.9.2954 build 20241120 and later\u003cbr\u003eQTS 5.2.2.2950 build 20241114 and later\u003cbr\u003eQuTS hero h5.1.9.2954 build 20241120 and later\u003cbr\u003eQuTS hero h5.2.2.2952 build 20241116 and later\u003cbr\u003e"
            }
          ],
          "value": "An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-475",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-475"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "PHYSICAL",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-06T16:36:05.597Z",
        "orgId": "2fd009eb-170a-4625-932b-17a53af1051f",
        "shortName": "qnap"
      },
      "references": [
        {
          "url": "https://www.qnap.com/en/security-advisory/qsa-24-49"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "We have already fixed the vulnerability in the following versions:\u003cbr\u003eQTS 5.1.9.2954 build 20241120 and later\u003cbr\u003eQTS 5.2.2.2950 build 20241114 and later\u003cbr\u003eQuTS hero h5.1.9.2954 build 20241120 and later\u003cbr\u003eQuTS hero h5.2.2.2952 build 20241116 and later\u003cbr\u003e"
            }
          ],
          "value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.9.2954 build 20241120 and later\nQTS 5.2.2.2950 build 20241114 and later\nQuTS hero h5.1.9.2954 build 20241120 and later\nQuTS hero h5.2.2.2952 build 20241116 and later"
        }
      ],
      "source": {
        "advisory": "QSA-24-49",
        "discovery": "EXTERNAL"
      },
      "title": "QTS, QuTS hero",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f",
    "assignerShortName": "qnap",
    "cveId": "CVE-2024-48865",
    "datePublished": "2024-12-06T16:36:05.597Z",
    "dateReserved": "2024-10-09T00:22:57.834Z",
    "dateUpdated": "2024-12-06T19:38:27.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47619 (GCVE-0-2024-47619)

Vulnerability from cvelistv5 – Published: 2025-05-07 15:12 – Updated: 2025-05-28 10:03
VLAI
Title
tranport: TLS host name wildcard matching too lax
Summary
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
syslog-ng syslog-ng Affected: < 4.8.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47619",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-07T17:22:10.473286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T17:22:27.218Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-28T10:03:45.900Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "syslog-ng",
          "vendor": "syslog-ng",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.8.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-07T15:12:02.118Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/syslog-ng/syslog-ng/security/advisories/GHSA-xr54-gx74-fghg"
        },
        {
          "name": "https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/syslog-ng/syslog-ng/commit/dadfdbecde5bfe710b0a6ee5699f96926b3f9006"
        },
        {
          "name": "https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/syslog-ng/syslog-ng/blob/b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d/lib/transport/tls-verifier.c#L78-L110"
        },
        {
          "name": "https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.8.2"
        }
      ],
      "source": {
        "advisory": "GHSA-xr54-gx74-fghg",
        "discovery": "UNKNOWN"
      },
      "title": "tranport: TLS host name wildcard matching too lax"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47619",
    "datePublished": "2025-05-07T15:12:02.118Z",
    "dateReserved": "2024-09-27T20:37:22.121Z",
    "dateUpdated": "2025-05-28T10:03:45.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47477 (GCVE-0-2024-47477)

Vulnerability from cvelistv5 – Published: 2026-06-17 14:11 – Updated: 2026-06-17 15:16
VLAI
Summary
Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
Vendor Product Version
Dell PowerFlex Manager Affected: 0 , < 5.1.0.1 or later (semver)
Affected: 0 , < 4.5.5.2 or later (semver)
Create a notification for this product.
Date Public
2026-06-15 06:30
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47477",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T15:16:05.675164Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T15:16:12.957Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerFlex Manager",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.1.0.1 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "4.5.5.2 or later",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2026-06-15T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning."
            }
          ],
          "value": "Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T14:11:39.867Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-47477",
    "datePublished": "2026-06-17T14:11:39.867Z",
    "dateReserved": "2024-09-25T05:22:37.837Z",
    "dateUpdated": "2026-06-17T15:16:12.957Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-47258 (GCVE-0-2024-47258)

Vulnerability from cvelistv5 – Published: 2025-02-06 19:10 – Updated: 2026-01-09 13:31
VLAI
Summary
2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. 2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Impacted products
Vendor Product Version
2N 2N Access Commander Affected: 2N Access Commander 2.1 and prior
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47258",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-03T15:32:08.195782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T15:32:18.420Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "2N Access Commander",
          "vendor": "2N",
          "versions": [
            {
              "status": "affected",
              "version": "2N Access Commander 2.1 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003e2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. \u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices.\u003c/div\u003e"
            }
          ],
          "value": "2N Access Commander version 2.1 and prior is vulnerable in default settings to Man In The Middle attack due to not verifying certificates of 2N edge devices. \n\n\n\n\n\n2N has currently released an updated version 3.3 of 2N Access Commander, with added Certificate Fingerprint Verification. Since version 2.2 of 2N Access Commander (released in February 2022) it is also possible to enforce TLS certificate validation.It is recommended that all customers update 2N Access Commander to the latest version and use one of two mentioned practices."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295 Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-09T13:31:36.477Z",
        "orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
        "shortName": "Axis"
      },
      "references": [
        {
          "url": "https://www.2n.com/en-GB/download/cve_2024_47258_acom_3_3_v1pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807",
    "assignerShortName": "Axis",
    "cveId": "CVE-2024-47258",
    "datePublished": "2025-02-06T19:10:40.660Z",
    "dateReserved": "2024-09-23T16:37:50.255Z",
    "dateUpdated": "2026-01-09T13:31:36.477Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.