Total
1005 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24619 | 1 Meltytech | 1 Shotcut | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource. | |||||
| CVE-2020-8279 | 1 Nextcloud | 1 Social | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | |||||
| CVE-2020-27589 | 1 Synopsys | 1 Hub-rest-api-python | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. | |||||
| CVE-2020-35733 | 2 Erlang, Fedoraproject | 2 Erlang\/otp, Fedora | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||||
| CVE-2020-35662 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated. | |||||
| CVE-2020-28972 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the vmware.py files) does not always validate the SSL/TLS certificate. | |||||
| CVE-2019-8531 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. | |||||
| CVE-2021-3162 | 2 Apple, Docker | 2 Macos, Docker | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation. | |||||
| CVE-2020-28942 | 1 Primekey | 1 Ejbca | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. | |||||
| CVE-2020-1675 | 1 Juniper | 1 Mist Cloud Ui | 2024-02-28 | 4.3 MEDIUM | 8.3 HIGH |
| When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | |||||
| CVE-2021-20649 | 1 Elecom | 2 Wrc-300febk-s, Wrc-300febk-s Firmware | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
| ELECOM WRC-300FEBK-S contains an improper certificate validation vulnerability. Via a man-in-the-middle attack, an attacker may alter the communication response. As a result, an arbitrary OS command may be executed on the affected device. | |||||
| CVE-2020-5812 | 1 Tenable | 1 Nessus Amazon Machine Image | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | |||||
| CVE-2021-1471 | 1 Cisco | 1 Jabber | 2024-02-28 | 6.8 MEDIUM | 5.6 MEDIUM |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-29440 | 1 Tesla | 2 Model X, Model X Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. | |||||
| CVE-2021-3285 | 1 Ti | 1 Code Composer Studio Intgrated Development Environment | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS. | |||||
| CVE-2020-28362 | 3 Fedoraproject, Golang, Netapp | 4 Fedora, Go, Cloud Insights Telegraf Agent and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. | |||||
| CVE-2020-25680 | 1 Redhat | 1 Jboss Core Services Httpd | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificate with the keystore file's ID is 'unknown'. The validation of the certificate whether CN and hostname are matching stopped working and allow connecting to the back-end work. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2020-24393 | 1 Tweetstream Project | 1 Tweetstream | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack. | |||||
| CVE-2021-1276 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-8289 | 1 Backblaze | 1 Backblaze | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality. | |||||