CVE-2023-41991

MEDIUM Year: 2023
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Related Vulnerabilities

CVE-2012-1096

MEDIUM
CVSS:5.5(Medium)

NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.

CWE-2952012

CVE-2017-8445

MEDIUM
CVSS:5.5(Medium)

An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certi...

CWE-2952017

CVE-2018-8356

MEDIUM
CVSS:5.5(Medium)

A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects...

CWE-2952018

CVE-2019-14334

MEDIUM
CVSS:5.5(Medium)

An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert...

CWE-2952019

CVE-2021-26320

MEDIUM
CVSS:5.5(Medium)

Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP

CWE-2952021

CVE-2022-22946

MEDIUM
CVSS:5.5(Medium)

In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager....

CWE-2952022