Total
1005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26911 | 2 Canarymail, Libmailcore | 2 Canary Mail, Mailcore2 | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. | |||||
CVE-2020-24560 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus+ 2019, Internet Security 2019 and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | |||||
CVE-2020-13955 | 1 Apache | 1 Calcite | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore. | |||||
CVE-2021-27189 | 1 Cira | 1 Canadian Shield | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The CIRA Canadian Shield app before 4.0.13 for iOS lacks SSL Certificate Validation. | |||||
CVE-2021-3309 | 1 Wekan Project | 1 Wekan | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store. | |||||
CVE-2021-1277 | 1 Cisco | 1 Data Center Network Manager | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) could allow an attacker to spoof a trusted host or construct a man-in-the-middle attack to extract sensitive information or alter certain API requests. These vulnerabilities are due to insufficient certificate validation when establishing HTTPS requests with the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2021-27098 | 1 Cncf | 1 Spire | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. | |||||
CVE-2021-3406 | 2 Fedoraproject, Keylime | 2 Fedora, Keylime | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations. | |||||
CVE-2020-4340 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | |||||
CVE-2021-3336 | 1 Wolfssl | 1 Wolfssl | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an Ed25519, Ed448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. | |||||
CVE-2020-24025 | 1 Sass-lang | 1 Node-sass | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | |||||
CVE-2020-9488 | 4 Apache, Debian, Oracle and 1 more | 46 Log4j, Debian Linux, Communications Application Session Controller and 43 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1. | |||||
CVE-2020-13615 | 1 Qore | 1 Qore | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. | |||||
CVE-2020-8156 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Mail | 2024-02-28 | 6.8 MEDIUM | 7.0 HIGH |
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. | |||||
CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
CVE-2020-15498 | 1 Asus | 2 Rt-ac1900p, Rt-ac1900p Firmware | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files. | |||||
CVE-2020-24715 | 1 Scalyr | 1 Scalyr Agent | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. | |||||
CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | |||||
CVE-2019-20894 | 1 Traefik | 1 Traefik | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred. | |||||
CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. |
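Several of the entries above (CVE-2020-13955, CVE-2020-13615, CVE-2020-8156, CVE-2020-9488, CVE-2020-24715) share one root cause: the client may check that the certificate chains to a trusted CA, or not even that, but never compares the hostname it connected to against the names in the certificate. The following Python is an added illustration, not code from any of the listed projects. It implements the subjectAltName/commonName comparison that the Scalyr entry says was missing, over the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, and shows the weak client context beside the correct one. The certificate dictionaries are constructed samples and no network connection is made.

```python
"""Hostname verification over a parsed peer certificate (added example).

The cert dictionaries follow ssl.SSLSocket.getpeercert(): 'subject' is a
tuple of RDNs, each a tuple of (type, value) pairs, and 'subjectAltName' is a
tuple of (type, value) pairs such as ('DNS', 'mail.example.com').
"""
import ipaddress
import ssl


def _dns_id_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style DNS-ID comparison: case-insensitive, and '*' is honoured
    only as the complete left-most label, so '*.example.com' matches
    'a.example.com' but neither 'a.b.example.com' nor 'example.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[2:]:
        return False  # '*' embedded in a label, or not the left-most label
    if len(p_labels) < 3 or len(h_labels) != len(p_labels) or not h_labels[0]:
        return False  # '*.com' is too broad; label counts must agree
    return p_labels[1:] == h_labels[1:]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True iff the certificate names `hostname`. When any DNS or IP SAN is
    present the SAN list is authoritative and the CN is ignored; the CN is
    consulted only for legacy certificates with no SAN at all."""
    san = cert.get("subjectAltName", ())
    dns_ids = [v for k, v in san if k == "DNS"]
    ip_ids = [v for k, v in san if k == "IP Address"]
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only against iPAddress SANs, never DNS or CN.
        for v in ip_ids:
            try:
                if ipaddress.ip_address(v) == ip:
                    return True
            except ValueError:
                continue
        return False
    if dns_ids or ip_ids:
        return any(_dns_id_matches(p, hostname) for p in dns_ids)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_id_matches(value, hostname):
                return True
    return False


def weak_context() -> ssl.SSLContext:
    """The CWE-295 pattern behind the entries above: the hostname check is
    switched off, and usually chain verification with it. Do not ship this."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, even self-signed, is accepted
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Library defaults: chain verification against the system trust store plus
    the SAN/CN comparison above, performed by the library during the handshake."""
    return ssl.create_default_context()


def context_verifies_peer(ctx: ssl.SSLContext) -> bool:
    """Audit predicate for a context pulled out of application code."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed sample certificates (not real), in getpeercert() shape.
SAN_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "*.imap.example.com")),
}
CN_ONLY_CERT = {  # legacy: no SAN extension, so the CN is the only name
    "subject": ((("organizationName", "Example"),), (("commonName", "imap.example.net"),)),
}
CN_DECOY_CERT = {  # CN names the host but the SAN does not: SAN wins, no match
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "other.example.org"),),
}
IP_CERT = {"subject": (), "subjectAltName": (("IP Address", "10.0.0.5"),)}

if __name__ == "__main__":
    for cert, host in [(SAN_CERT, "mail.example.com"), (SAN_CERT, "a.b.imap.example.com"),
                       (CN_DECOY_CERT, "mail.example.com"), (IP_CERT, "10.0.0.5")]:
        print(host, "->", hostname_matches(cert, host))
    print("weak context verifies peer:", context_verifies_peer(weak_context()))
```

In production code let the TLS library do this (`ssl.create_default_context()` with `check_hostname` left on); the hand-written matcher is here to make the rules visible: SAN entries override the CN, a wildcard matches exactly one left-most label, and an IP literal matches only an iPAddress SAN. Grepping a code base for `check_hostname = False`, `CERT_NONE`, `setHostnameVerifier`, or `--no-check-certificate` finds most instances of the pattern these CVEs describe.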
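CVE-2021-3336 is a handshake state-machine failure rather than a name-matching one: the wolfSSL client kept processing a CertificateVerify for which no Certificate had been received. The following Python is an added example, not wolfSSL code, of the ordering check a TLS 1.3 client must apply to the server's flight before any signature is verified: ServerHello, EncryptedExtensions, optional CertificateRequest, Certificate, CertificateVerify, Finished as laid out in RFC 8446 section 4, with Certificate and CertificateVerify required in a certificate handshake and forbidden when the server selected a PSK in ServerHello. Message payloads are constructed placeholders (the certificate chain is a list of opaque byte strings) and signature verification itself is outside the snippet.

```python
"""TLS 1.3 server-flight ordering check on the client side (added example).

Messages are (HS, payload) pairs already parsed off the wire; payloads are
placeholders except for Certificate, whose payload is the certificate_list as
a list of opaque DER byte strings. Signature checking is out of scope here.
"""
from enum import Enum, auto


class HS(Enum):
    SERVER_HELLO = auto()
    ENCRYPTED_EXTENSIONS = auto()
    CERTIFICATE_REQUEST = auto()
    CERTIFICATE = auto()
    CERTIFICATE_VERIFY = auto()
    FINISHED = auto()


class HandshakeError(Exception):
    """Fatal: a real client sends an unexpected_message alert and closes."""


def _allowed_after(last, psk_selected):
    """Messages acceptable next, per RFC 8446 sections 4.1 and 4.4. Certificate
    and CertificateVerify are mandatory in a certificate handshake and must be
    absent when the server selected a PSK in ServerHello."""
    if last is None:
        return {HS.SERVER_HELLO}
    if last is HS.SERVER_HELLO:
        return {HS.ENCRYPTED_EXTENSIONS}
    if last is HS.ENCRYPTED_EXTENSIONS:
        return {HS.FINISHED} if psk_selected else {HS.CERTIFICATE_REQUEST, HS.CERTIFICATE}
    if last is HS.CERTIFICATE_REQUEST:
        return {HS.CERTIFICATE}
    if last is HS.CERTIFICATE:
        return {HS.CERTIFICATE_VERIFY}
    if last is HS.CERTIFICATE_VERIFY:
        return {HS.FINISHED}
    return set()  # nothing follows Finished in this flight


def check_server_flight(messages):
    """Walk the server's flight in order. Returns the certificate chain that
    CertificateVerify must be checked against ([] for a PSK handshake). Raises
    HandshakeError at the first out-of-order or missing message, so nothing
    after it is processed: that is the 'cease processing' the entry refers to."""
    last = None
    psk_selected = False
    chain = []
    for msg, payload in messages:
        if msg not in _allowed_after(last, psk_selected):
            raise HandshakeError(f"unexpected {msg.name} after "
                                 f"{last.name if last else 'start'}")
        if msg is HS.SERVER_HELLO:
            # The pre_shared_key extension in ServerHello tells the client
            # whether to expect a certificate at all.
            psk_selected = "pre_shared_key" in payload
        elif msg is HS.CERTIFICATE:
            if not payload:
                raise HandshakeError("empty certificate_list from server")
            chain = list(payload)
        elif msg is HS.CERTIFICATE_VERIFY and not chain:
            # Already excluded by the ordering above; kept so the invariant the
            # wolfSSL fix restores is explicit: no signature without a certificate.
            raise HandshakeError("CertificateVerify without a Certificate to verify against")
        last = msg
    if last is not HS.FINISHED:
        raise HandshakeError("server flight ended before Finished")
    return chain


def flight_accepted(messages) -> bool:
    """Boolean wrapper for auditing captured flights."""
    try:
        check_server_flight(messages)
        return True
    except HandshakeError:
        return False


# Constructed flights (no real handshake); payloads are placeholders.
CERT_FLIGHT = [
    (HS.SERVER_HELLO, {"cipher_suite": "TLS_AES_128_GCM_SHA256"}),
    (HS.ENCRYPTED_EXTENSIONS, {}),
    (HS.CERTIFICATE, [b"<leaf DER>", b"<intermediate DER>"]),
    (HS.CERTIFICATE_VERIFY, {"algorithm": "ed25519", "signature": b"<sig>"}),
    (HS.FINISHED, b"<verify_data>"),
]
# The anomaly from the description: a signature arrives with no certificate.
NO_CERT_FLIGHT = [m for m in CERT_FLIGHT if m[0] is not HS.CERTIFICATE]
PSK_FLIGHT = [
    (HS.SERVER_HELLO, {"cipher_suite": "TLS_AES_128_GCM_SHA256", "pre_shared_key": 0}),
    (HS.ENCRYPTED_EXTENSIONS, {}),
    (HS.FINISHED, b"<verify_data>"),
]

if __name__ == "__main__":
    for name, flight in [("cert", CERT_FLIGHT), ("no-cert", NO_CERT_FLIGHT), ("psk", PSK_FLIGHT)]:
        print(name, "accepted" if flight_accepted(flight) else "rejected")
```

The design point is that the decision "do I have a certificate to verify this signature against" is made by the state machine, not by the signature routine: once the flight deviates the client aborts, and the CertificateVerify handler never runs with an empty chain. An implementation that instead handles each message on its own, as the description says the affected wolfSSL versions did, has to remember to check for the certificate in every place that consumes it.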