Threats Tagged 'cwe-295'
View all threats tagged with 'cwe-295'. Filter and sort to focus on specific types of threats.
CVE-2026-46734: CWE-295: Improper Certificate Validation in Dell Display and Peripheral Manager
Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE Database V5 | 06/25/2026, 13:43:51 UTC | Added: 06/25/2026, 14:16:22 UTC

CVE-2026-54323: CWE-295: Improper Certificate Validation in daytonaio daytona
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over a connection whose certificate was never validated, on both the go-git and native git CLI code paths. An attacker able to intercept clone traffic could present any TLS certificate, capture the Git credentials supplied for the clone, and serve tampered repository content into the sandbox. This vulnerability is fixed in 0.185.0.
CVE Database V5 | 06/23/2026, 18:06:21 UTC | Added: 06/23/2026, 18:09:40 UTC

CVE-2025-2669: CWE-295 Improper Certificate Validation in IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation.
CVE Database V5 | 06/22/2026, 13:18:42 UTC | Added: 06/22/2026, 13:54:17 UTC

CVE-2024-47477: CWE-295: Improper Certificate Validation in Dell PowerFlex Manager
Dell PowerFlex Manager versions prior to 4.5.1.1 have an improper certificate validation vulnerability (CWE-295). This flaw could allow a remote unauthenticated attacker to perform a man-in-the-middle attack when combined with DNS cache poisoning. The vulnerability has a CVSS score of 6.5, indicating a medium severity level. No official patch or remediation guidance has been provided yet by the vendor.
CVE Database V5 | 06/17/2026, 14:11:39 UTC | Added: 06/17/2026, 15:07:07 UTC

CVE-2025-71261: CWE-295 in SUSE Harvester
An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control.
CVE Database V5 | 06/16/2026, 15:42:32 UTC | Added: 06/16/2026, 18:30:58 UTC

CVE-2026-9259: CWE-295 Improper certificate validation in Canon Inc. EOS Network Setting Tool for Windows
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier.
CVE Database V5 | 06/15/2026, 23:36:28 UTC | Added: 06/16/2026, 00:00:41 UTC

CVE-2026-9258: CWE-295 Improper certificate validation in Canon Inc. EOS Network Setting Tool for Windows
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier.
CVE Database V5 | 06/15/2026, 23:35:41 UTC | Added: 06/16/2026, 00:00:41 UTC

CVE-2026-45170: CWE-295 - Improper Certificate Validation in CyberArk Software, a Palo Alto Networks Company Vendor PAM
In Idira Vendor PAM - Self-Hosted Connector versions prior to 1.1.100504, under specific conditions and configuration scenarios, TLS certificate validation may not be fully enforced. CyberArk Security Bulletin: CA26-17
CVE Database V5 | 06/12/2026, 00:05:43 UTC | Added: 06/12/2026, 01:30:25 UTC

CVE-2026-45175: CWE-295: Improper Certificate Validation in CyberArk Software, a Palo Alto Networks Company Idira Endpoint Privilege Manager
Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security controls or cryptographic validations. Under specific circumstances, this could allow the attacker to circumvent agent self-defense mechanisms and execute unauthorized operations. CyberArk Security Bulletin: CA26-19
CVE Database V5 | 06/11/2026, 18:57:08 UTC | Added: 06/11/2026, 20:00:08 UTC

CVE-2026-9648: CWE-295: Improper Certificate Validation in Haskell Programming Language crypton-certificate
The crypton-x509-validation Haskell library does not properly enforce X.509 NameConstraints, allowing TLS clients to accept certificates with Subject Alternative Names outside the permitted subtrees of the issuing CA. This vulnerability enables an attacker who compromises a name-constrained sub-CA to impersonate domains beyond its intended scope. The issue is classified under CWE-295 (Improper Certificate Validation) and has a critical CVSS score of 9.1.
CVE Database V5 | 06/11/2026, 14:30:30 UTC | Added: 06/11/2026, 15:30:09 UTC

Showing 1 to 10 of 22 results