Total
1007 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-10446 | 1 Jenkins | 1 Cadence Vmanager | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
CVE-2019-3685 | 1 Opensuse | 1 Open Build Service | 2024-02-28 | 6.8 MEDIUM | 7.7 HIGH |
Open Build Service before version 0.165.4 diddn't validate TLS certificates for HTTPS connections with the osc client binary | |||||
CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | |||||
CVE-2020-5522 | 1 Fujixerox | 1 Easy Netprint | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2020-9434 | 1 Lua-openssl Project | 1 Lua-openssl | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
CVE-2009-3552 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-28 | 2.9 LOW | 3.1 LOW |
In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | |||||
CVE-2019-18826 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. | |||||
CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2024-02-28 | 6.4 MEDIUM | 8.2 HIGH |
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | |||||
CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
CVE-2019-5506 | 1 Netapp | 1 Clustered Data Ontap | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Clustered Data ONTAP versions 9.0 and higher do not enforce hostname verification under certain circumstances making them susceptible to impersonation via man-in-the-middle attacks. | |||||
CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
CVE-2019-11674 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. | |||||
CVE-2019-15042 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. | |||||
CVE-2017-14806 | 1 Suse | 2 Studio Onsite, Susestudio-ui-server | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions. | |||||
CVE-2019-19271 | 1 Proftpd | 1 Proftpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | |||||
CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | |||||
CVE-2020-7042 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | |||||
CVE-2020-7043 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | |||||
CVE-2020-5523 | 9 77bank, Ashikagabank, Hokkaidobank and 6 more | 9 77 Bank, Ashigin, Dogin and 6 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. |