CWE-300 · Channel Accessible by Non-Endpoint
47 CVEs classified under CWE-300 (Channel Accessible by Non-Endpoint). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-7480 | Critical | 9.8 | 2017-07-21 | rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution. |
CVE-2009-3555 | Critical | 9.8 | 2009-11-09 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Serve… |
CVE-2023-31004 | High | 8.3 | 2024-02-03 | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10… |
CVE-2024-31206 | High | 8.2 | 2024-04-04 | dectalk-tts is a Node package to interact with the aeiou Dectalk web API. In `dectalk-tts@1.0.0`, network requests to the third-party API are sent over HTTP, w… |
CVE-2019-3793 | High | 8.1 | 2019-04-24 | Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation… |
CVE-2025-20122 | High | 7.8 | 2025-05-07 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to gain privileges of… |
CVE-2023-32634 | High | 7.8 | 2023-10-12 | An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a… |
CVE-2021-21953 | High | 7.7 | 2021-12-22 | An authentication bypass vulnerability exists in the process_msg() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted… |
CVE-2021-32926 | High | 7.5 | 2021-06-03 | When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, n… |
CVE-2025-40770 | High | 7.4 | 2025-08-12 | A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions). The affected application uses a monitoring interface that is… |
CVE-2024-32049 | High | 7.4 | 2024-05-08 | BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software version… |
CVE-2019-14899 | High | 7.4 | 2019-12-11 | A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a… |
CVE-2017-12151 | High | 7.4 | 2018-07-27 | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection co… |
CVE-2017-12150 | High | 7.4 | 2018-07-26 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enable… |
CVE-2017-15086 | High | 7.4 | 2017-11-08 | It was discovered that the fix for CVE-2017-12151 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6. |
CVE-2017-12735 | High | 7.4 | 2017-08-30 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). An attacker who performs a Man-in-the-Middle attack between th… |
CVE-2017-9941 | High | 7.4 | 2017-08-08 | A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker in a Man-in-the-Middle position between th… |
CVE-2017-6870 | High | 7.4 | 2017-08-08 | A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for Android (All versions before V1.0.2.2). The existing TLS protocol implementation could… |
CVE-2023-2310 | Medium | 6.8 | 2023-05-10 | A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote a… |
CVE-2019-0054 | Medium | 6.8 | 2019-10-09 | An Improper Certificate Validation weakness in the SRX Series Application Identification (app-id) signature update client of Juniper Networks Junos OS allows a… |