Total
1007 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-10317 | 1 Jenkins | 1 Sitemonitor | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | |||||
| CVE-2019-6702 | 1 Mastercard | 1 Qkr\! With Masterpass | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | |||||
| CVE-2019-1886 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. | |||||
| CVE-2019-1590 | 1 Cisco | 28 Nexus 9000, Nexus 92160yc-x, Nexus 92300yc and 25 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform insecure TLS client authentication on an affected device. The vulnerability is due to insufficient TLS client certificate validations for certificates sent between the various components of an ACI fabric. An attacker who has possession of a certificate that is trusted by the Cisco Manufacturing CA and the corresponding private key could exploit this vulnerability by presenting a valid certificate while attempting to connect to the targeted device. An exploit could allow the attacker to gain full control of all other components within the ACI fabric of an affected device. | |||||
| CVE-2019-10381 | 1 Jenkins | 1 Codefresh Integration | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2019-4150 | 1 Ibm | 1 Security Access Manager | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. | |||||
| CVE-2019-16179 | 1 Limesurvey | 1 Limesurvey | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. | |||||
| CVE-2019-3814 | 3 Canonical, Dovecot, Opensuse | 3 Ubuntu Linux, Dovecot, Leap | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | |||||
| CVE-2019-11242 | 1 Cohesity | 1 Dataplatform | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. | |||||
| CVE-2018-11747 | 1 Puppet | 1 Discovery | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | |||||
| CVE-2018-6517 | 1 Puppet | 1 Chloride | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride. | |||||
| CVE-2018-12205 | 1 Intel | 5 Core I3, Core I5, Core I7 and 2 more | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
| Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access. | |||||
| CVE-2019-9148 | 1 Mailvelope | 1 Mailvelope | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person. | |||||
| CVE-2019-1010206 | 1 Http Request Project | 1 Http Request | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing. | |||||
| CVE-2019-1859 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. | |||||
| CVE-2018-5926 | 1 Hp | 1 Remote Graphics Software | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | |||||
| CVE-2019-10314 | 1 Jenkins | 1 Koji | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-10914 | 1 Matrixssl | 1 Matrixssl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | |||||