Total
1040 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20328 | 2 Mongodb, Quarkus | 2 Java Driver, Quarkus | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
| Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Java driver and the KMS service rendering Field Level Encryption ineffective. This issue was discovered during internal testing and affects all versions of the Java driver that support CSFLE. The Java async, Scala, and reactive streams drivers are not impacted. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services originating from applications residing inside the AWS, GCP, and Azure network fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. | |||||
| CVE-2021-20327 | 1 Mongodb | 1 Libmongocrypt | 2024-11-21 | 4.3 MEDIUM | 6.4 MEDIUM |
| A specific version of the Node.js mongodb-client-encryption module does not perform correct validation of the KMS server’s certificate. This vulnerability in combination with a privileged network position active MITM attack could result in interception of traffic between the Node.js driver and the KMS service rendering client-side field level encryption (CSFLE) ineffective. This issue was discovered during internal testing and affects mongodb-client-encryption module version 1.2.0, which was available from 2021-Jan-29 and deprecated in the NPM Registry on 2021-Feb-04. This vulnerability does not impact driver traffic payloads with CSFLE-supported key services from applications residing inside the AWS, GCP, and Azure nework fabrics due to compensating controls in these environments. This issue does not impact driver workloads that don’t use Field Level Encryption. This issue affect MongoDB Node.js Driver mongodb-client-encryption module version 1.2.0 | |||||
| CVE-2021-20230 | 1 Stunnel | 1 Stunnel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2021-1837 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. | |||||
| CVE-2021-1566 | 1 Cisco | 3 Asyncos, Email Security Appliance, Web Security Appliance | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. | |||||
| CVE-2021-1471 | 1 Cisco | 1 Jabber | 2024-11-21 | 6.8 MEDIUM | 9.9 CRITICAL |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1354 | 1 Cisco | 1 Unified Computing System Central Software | 2024-11-21 | 2.7 LOW | 4.3 MEDIUM |
| A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. | |||||
| CVE-2021-1277 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 5.8 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1276 | 1 Cisco | 1 Data Center Network Manager | 2024-11-21 | 5.8 MEDIUM | 7.5 HIGH |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1134 | 1 Cisco | 1 Dna Center | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. | |||||
| CVE-2021-0341 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 | |||||
| CVE-2020-9868 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate. | |||||
| CVE-2020-9488 | 4 Apache, Debian, Oracle and 1 more | 46 Log4j, Debian Linux, Communications Application Session Controller and 43 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1 | |||||
| CVE-2020-9434 | 1 Lua-openssl Project | 1 Lua-openssl | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9433 | 1 Lua-openssl Project | 1 Lua-openssl | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9432 | 1 Lua-openssl Project | 1 Lua-openssl | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9321 | 1 Traefik | 1 Traefik | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. | |||||
| CVE-2020-9040 | 1 Couchbase | 1 Couchbase Server Java Sdk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification. | |||||
| CVE-2020-8987 | 1 Avast | 2 Antitrack, Avg Antitrack | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.) | |||||
| CVE-2020-8289 | 1 Backblaze | 1 Backblaze | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality. | |||||