Total
1040 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10659 | 2 Entrustdatacard, Microsoft | 2 Entelligence Security Provider, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | |||||
CVE-2020-10059 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | |||||
CVE-2020-0601 | 2 Golang, Microsoft | 5 Go, Windows, Windows 10 and 2 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | |||||
CVE-2020-0119 | 1 Google | 1 Android | 2024-11-21 | 5.4 MEDIUM | 5.3 MEDIUM |
In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-150500247 | |||||
CVE-2019-9148 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person. | |||||
CVE-2019-8642 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | |||||
CVE-2019-8531 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. | |||||
CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2019-8337 | 1 Marlam | 2 Mpop, Msmtp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | |||||
CVE-2019-7728 | 1 Bosch | 1 Smart Camera | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | |||||
CVE-2019-7615 | 1 Elastic | 1 Apm-agent-ruby | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent. | |||||
CVE-2019-6702 | 1 Mastercard | 1 Qkr! With Masterpass | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | |||||
CVE-2019-6687 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | |||||
CVE-2019-6592 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles. | |||||
CVE-2019-6266 | 1 Cordaware | 1 Bestinformed | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | |||||
CVE-2019-6032 | 1 Ntv | 1 News 24 | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2019-5961 | 1 Mastodon-tootdon | 1 Tootdon For Mastodon | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2019-5729 | 1 Splunk | 1 Software Development Kit | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. | |||||
CVE-2019-5538 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | |||||
CVE-2019-5537 | 1 Vmware | 1 Vcenter Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. |