Total: 1039 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-3309 | 1 Wekan Project | 1 Wekan | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, |
CVE-2021-3285 | 1 Ti | 1 Code Composer Studio Integrated Development Environment | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM | jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS. |
CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. |
CVE-2021-39365 | 2 Debian, Gnome | 2 Debian Linux, Grilo | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | In GNOME grilo through 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
CVE-2021-39361 | 1 Gnome | 1 Evolution-rss | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
CVE-2021-39360 | 2 Fedoraproject, Gnome | 2 Fedora, Libzapojit | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
CVE-2021-39359 | 2 Fedoraproject, Gnome | 2 Fedora, Libgda | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
CVE-2021-39358 | 2 Fedoraproject, Gnome | 2 Fedora, Libgfbgraph | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. |
CVE-2021-38864 | 1 Ibm | 1 Security Verify Bridge | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. |
CVE-2021-37698 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate despite a certificate authority being specified. Icinga 2 instances which connect to any of the mentioned time series databases (TSDBs) using TLS over a spoofable infrastructure should immediately upgrade to version 2.13.1, 2.12.6, or 2.11.11 to patch the issue. Such instances should also change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB. There are no workarounds aside from upgrading. |
CVE-2021-37219 | 1 Hashicorp | 1 Consul | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2. |
CVE-2021-37218 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. |
CVE-2021-36756 | 1 Northern.tech | 1 Cfengine | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. |
CVE-2021-36377 | 2 Fedoraproject, Fossil-scm | 2 Fedora, Fossil | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. |
CVE-2021-36371 | 1 Getambassador | 1 Emissary-ingress | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW | Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. (2.x versions are unaffected. 1.x versions are unaffected with certain configuration settings involving prune_unreachable_routes and a wildcard Host resource.) |
CVE-2021-35497 | 1 Tibco | 3 Activespaces, Eftl, Ftl | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH | The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0. |
CVE-2021-35193 | 1 Pattersondental | 1 Eaglesoft | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. (In the normal use of the product, retrieving those credentials only occurs after a username/password authentication step; however, this authentication step is on the client side, and an attacker can develop their own client that skips this step.) |
CVE-2021-34599 | 1 Codesys | 2 Development System, Git | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH | Affected versions of CODESYS Git in versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify that the server provides a valid and trusted HTTPS certificate. Since the certificate of the server to which the connection is made is not properly verified, the server connection is vulnerable to a man-in-the-middle attack. |
CVE-2021-34558 | 4 Fedoraproject, Golang, Netapp and 1 more | 6 Fedora, Go, Cloud Insights Telegraf and 3 more | 2024-11-21 | 2.6 LOW | 6.5 MEDIUM | The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. |
CVE-2021-33907 | 1 Zoom | 1 Meetings | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. |