Total
1007 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | |||||
| CVE-2019-5537 | 1 Vmware | 1 Vcenter Server | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | |||||
| CVE-2019-19270 | 2 Fedoraproject, Proftpd | 2 Fedora, Proftpd | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | |||||
| CVE-2020-0601 | 2 Golang, Microsoft | 5 Go, Windows, Windows 10 and 2 more | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | |||||
| CVE-2019-11554 | 1 Amazon | 1 Audible | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. | |||||
| CVE-2019-6032 | 1 Ntv | 1 News 24 | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-3940 | 1 Vmware | 9 Workspace One Boxer, Workspace One Content, Workspace One Intelligent Hub and 6 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. | |||||
| CVE-2020-7904 | 1 Jetbrains | 1 Intellij Idea | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | |||||
| CVE-2020-7942 | 1 Puppet | 2 Puppet, Puppet Agent | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0 Puppet Agent 6.x prior to 6.13.0 Puppet 5.5.x prior to 5.5.19 Puppet Agent 5.5.x prior to 5.5.19 Resolved in: Puppet 6.13.0 Puppet Agent 6.13.0 Puppet 5.5.19 Puppet Agent 5.5.19 | |||||
| CVE-2014-2902 | 1 Wolfssl | 1 Wolfssl | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | |||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | |||||
| CVE-2019-5101 | 1 Openwrt | 1 Openwrt | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events | |||||
| CVE-2020-5520 | 1 Fujixerox | 1 Netprint | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-9433 | 1 Lua-openssl Project | 1 Lua-openssl | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2014-2901 | 1 Wolfssl | 1 Wolfssl | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | |||||
| CVE-2019-18633 | 1 Europa | 1 Eidas-node Integration Package | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. | |||||
| CVE-2018-11751 | 1 Puppet | 1 Puppet Server | 2024-02-28 | 4.8 MEDIUM | 5.4 MEDIUM |
| Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. | |||||
| CVE-2013-0264 | 1 Redhat | 1 Mrg Management Console | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | |||||
| CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | |||||
| CVE-2014-0161 | 1 Ovirt-engine-sdk-python Project | 1 Ovirt-engine-sdk-python | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. | |||||