CVE-2024-0042

MEDIUM Year: 2024
CVSS v3 Score
5.6
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2016-7171

MEDIUM
CVSS:5.6(Medium)

NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.

CWE-2952016

CVE-2017-2648

MEDIUM
CVSS:5.6(Medium)

It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

CWE-2952017

CVE-2018-1000151

MEDIUM
CVSS:5.6(Medium)

A man in the middle vulnerability exists in Jenkins vSphere Plugin 2.16 and older in VSphere.java that disables SSL/TLS certificate validation by default.

CWE-2952018

CVE-2018-8119

MEDIUM
CVSS:5.6(Medium)

A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This...

CWE-2952018

CVE-2018-8479

MEDIUM
CVSS:5.6(Medium)

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.

CWE-2952018

CVE-2020-2187

MEDIUM
CVSS:5.6(Medium)

Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks.

CWE-2952020