CVE-2024-2466

MEDIUM Year: 2024
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-297
View all →

Vulnerability Description

libcurl did not check the server certificate of TLS connections done to a host specified as an IP address, when built to use mbedTLS. libcurl would wrongly avoid using the set hostname function when the specified hostname was given as an IP address, therefore completely skipping the certificate check. This affects all uses of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc).

Related Vulnerabilities

CVE-2016-1280

MEDIUM
CVSS:6.5(Medium)

PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before 12.1X46-D37, 12.1X47 before 12.1X47-D30, 12.3 before 12.3R12, 12.3X48 before 12.3X48-D20, 13.3 before 13.3R10, 14.1 before 14.1R8, 14.1X53 b...

CWE-2972016

CVE-2024-38324

MEDIUM
CVSS:6.5(Medium)

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an ...

CWE-2972024

CVE-2025-42921

MEDIUM
CVSS:6.5(Medium)

In JetBrains Toolbox App before 2.6 host key verification was missing in SSH plugin

CWE-2972025

CVE-2020-15260

MEDIUM
CVSS:6.8(Medium)

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJ...

CWE-2972020

CVE-2021-33695

MEDIUM
CVSS:6.8(Medium)

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.

CWE-2972021

CVE-2022-48306

MEDIUM
CVSS:6.8(Medium)

Improper Validation of Certificate with Host Mismatch vulnerability in Gotham Chat IRC helper of Palantir Gotham allows A malicious attacker in a privileged network position could abuse this to perfor...

CWE-2972022