Total
1039 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23649 | 1 Sigstore | 1 Cosign | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and push permissions for the signature in OCI. This can happen with both standard signing with a keypair and "keyless signing" with Fulcio. If an attacker has access to the signature in OCI, they can manipulate cosign into believing the entry was stored in Rekor even though it wasn't. The vulnerability has been patched in v1.5.2 of Cosign. The `signature` in the `signedEntryTimestamp` provided by Rekor is now compared to the `signature` that is being verified. If these don't match, then an error is returned. If a valid bundle is copied to a different signature, verification should fail. Cosign output now only informs the user that certificates were verified if a certificate was in fact verified. There is currently no known workaround. | |||||
| CVE-2022-23632 | 2 Oracle, Traefik | 2 Communications Unified Inventory Management, Traefik | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default configuration that might not correspond to the configured one. If the CNAME flattening is enabled, the selected TLS configuration is the SNI one and the routing uses the CNAME value, so this can skip the expected TLS configuration. Version 2.6.1 contains a patch for this issue. As a workaround, one may add the FDQN to the host rule. However, there is no workaround if the CNAME flattening is enabled. | |||||
| CVE-2022-22946 | 2 Oracle, Vmware | 6 Commerce Guided Search, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Console and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. | |||||
| CVE-2022-22885 | 1 Hutool | 1 Hutool | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | |||||
| CVE-2022-22787 | 1 Zoom | 1 Meetings | 2024-11-21 | 6.0 MEDIUM | 5.9 MEDIUM |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services. | |||||
| CVE-2022-22747 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 6.5 MEDIUM |
| After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | |||||
| CVE-2022-22549 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| Dell PowerScale OneFS, 8.2.x-9.3.x, contains a Improper Certificate Validation. A unauthenticated remote attacker could potentially exploit this vulnerability, leading to a man-in-the-middle capture of administrative credentials. | |||||
| CVE-2022-22380 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | N/A | 5.0 MEDIUM |
| IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957. | |||||
| CVE-2022-22306 | 1 Fortinet | 1 Fortios | 2024-11-21 | 2.9 LOW | 5.4 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. | |||||
| CVE-2022-22305 | 1 Fortinet | 4 Fortianalyzer, Fortimanager, Fortios and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
| An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers. | |||||
| CVE-2022-22156 | 1 Juniper | 1 Junos | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An Improper Certificate Validation weakness in the Juniper Networks Junos OS allows an attacker to perform Person-in-the-Middle (PitM) attacks when a system script is fetched from a remote source at a specified HTTPS URL, which may compromise the integrity and confidentiality of the device. The following command can be executed by an administrator via the CLI to refresh a script from a remote location, which is affected from this vulnerability: >request system scripts refresh-from (commit | event | extension-service | op | snmp) file filename url <https-url> This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S9, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S7; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3; 20.3 versions prior to 20.3R2-S1, 20.3R3; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R1-S1, 21.1R2. | |||||
| CVE-2022-21836 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Windows Certificate Spoofing Vulnerability | |||||
| CVE-2022-21657 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. In affected versions Envoy does not restrict the set of certificates it accepts from the peer, either as a TLS client or a TLS server, to only those certificates that contain the necessary extendedKeyUsage (id-kp-serverAuth and id-kp-clientAuth, respectively). This means that a peer may present an e-mail certificate (e.g. id-kp-emailProtection), either as a leaf certificate or as a CA in the chain, and it will be accepted for TLS. This is particularly bad when combined with the issue described in pull request #630, in that it allows a Web PKI CA that is intended only for use with S/MIME, and thus exempted from audit or supervision, to issue TLS certificates that will be accepted by Envoy. As a result Envoy will trust upstream certificates that should not be trusted. There are no known workarounds to this issue. Users are advised to upgrade. | |||||
| CVE-2022-21654 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised to upgrade. | |||||
| CVE-2022-21170 | 1 Daj | 6 Dspa-15000 M5, Dspa-2000 M4, Dspa-4000 M4 and 3 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. | |||||
| CVE-2022-20960 | 1 Cisco | 1 Email Security Appliance | 2024-11-21 | N/A | 7.5 HIGH |
| A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an affected device. An attacker could exploit this vulnerability by establishing a large number of concurrent TLS connections to an affected device. A successful exploit could allow the attacker to cause the device to drop new TLS email messages that come from the associated email servers. Exploitation of this vulnerability does not cause the affected device to unexpectedly reload. The device will recover autonomously within a few hours of when the attack is halted or mitigated. | |||||
| CVE-2022-20860 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | N/A | 7.4 HIGH |
| A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers. | |||||
| CVE-2022-20814 | 2024-11-21 | N/A | 7.4 HIGH | ||
| A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2022-20813 | 1 Cisco | 2 Expressway, Telepresence Video Communication Server | 2024-11-21 | 4.3 MEDIUM | 9.0 CRITICAL |
| Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20703 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2024-11-21 | 7.2 HIGH | 10.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||