Total
1040 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | |||||
| CVE-2019-16281 | 1 Ptarmigan Project | 1 Ptarmigan | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block. | |||||
| CVE-2019-16263 | 1 Twitter | 1 Twitter Kit | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product. | |||||
| CVE-2019-16252 | 1 Nutfind | 1 Nutfind | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. | |||||
| CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | |||||
| CVE-2019-16179 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. | |||||
| CVE-2019-15604 | 5 Debian, Nodejs, Opensuse and 2 more | 10 Debian Linux, Node.js, Leap and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | |||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | |||||
| CVE-2019-15042 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. | |||||
| CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | |||||
| CVE-2019-14516 | 1 Uidai | 1 Maadhaar | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. | |||||
| CVE-2019-14334 | 1 Dlink | 6 6600-ap, 6600-ap Firmware, Dwl-3600ap and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. | |||||
| CVE-2019-13050 | 5 F5, Fedoraproject, Gnupg and 2 more | 5 Traffix Signaling Delivery Controller, Fedora, Gnupg and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. | |||||
| CVE-2019-12855 | 1 Twistedmatrix | 1 Twisted | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. | |||||
| CVE-2019-12496 | 1 Hybridgroup | 1 Gobot | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default. | |||||
| CVE-2019-12000 | 1 Hp | 1 Mse Msg Gw Application E-ltu | 2024-11-21 | 5.4 MEDIUM | 6.6 MEDIUM |
| HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide. | |||||
| CVE-2019-11727 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-11688 | 1 Asustor | 1 Exfat Driver | 2024-11-21 | 8.8 HIGH | 7.4 HIGH |
| An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation. | |||||
| CVE-2019-11674 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. | |||||
| CVE-2019-11554 | 1 Amazon | 1 Audible | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. | |||||