CVEFinder.io

CVE-2023-37920

⚠ī¸ high
🔍 Scan for this CVE
Summary

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

CVSS Score
7.5
High
EPSS Score
0.1
Exploit Probability
Published Date
2023-07-25
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 68.9% of all 329,456 vulnerabilities in our database.

#102,448
Above average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Mar 5, 2025
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
YES
Can be exploited automatically
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-02-13
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE IDs (Weakness Types)
CWE-345

đŸ“Ļ Affected Products 8

Vendor Product Status Affected Versions
fedoraproject fedora Affected
v38
netapp ontap_select_deploy_administration_utility Affected
v-
netapp active_iq_unified_manager Affected
v-
netapp solidfire_\&_hci_storage_node Affected
v-
netapp management_services_for_element_software Affected
v-
netapp management_services_for_netapp_hci Affected
v-
certifi certifi Affected
≥ 2015.4.28 < 2023.7.22
netapp ontap_mediator Affected
v-

🔗 References 5

https://github.com/certifi/python-certifi/commit/8fb...
Patch
https://github.com/certifi/python-certifi/security/a...
Vendor Advisory
https://groups.google.com/a/mozilla.org/g/dev-securi...
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/packag...
Mailing List
https://security.netapp.com/advisory/ntap-20240912-0...
Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-35093 ⚠ī¸ high 8.8 0.0 A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or ... 2026-04-01
CVE-2026-35094 ℹī¸ low 3.3 0.0 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can expl... 2026-04-01
CVE-2025-30722 đŸ”ļ medium 5.3 0.1 Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are a... 2025-04-15
CVE-2025-31672 đŸ”ļ medium 5.3 1.0 Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, do... 2025-04-09
CVE-2024-56171 ⚠ī¸ high 7.8 0.1 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleID... 2025-02-18
CVE-2025-26465 đŸ”ļ medium 6.8 64.4 A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be ... 2025-02-18
These CVEs affect the same products