Total: 1007 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2018-1543 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM | IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 142598.
CVE-2018-1000096 | 1 Tiny-json-http Project | 1 Tiny-json-http | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH | brianleroux tiny-json-http, all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a missing SSL certificate validation vulnerability in the library's core functionality that exposes the user to man-in-the-middle attacks.
CVE-2016-9064 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM | Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
CVE-2018-6827 | 1 Omninova | 2 Vobot, Vobot Firmware | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH | VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option.
CVE-2018-6374 | 1 Pulsesecure | 1 Desktop Linux Client | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM | The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL certificate validation. This can lead to the manipulation of the Pulse Connection set.
CVE-2018-12461 | 1 Netiq | 1 Edirectory | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | NetIQ eDirectory prior to 9.1.1 has issues when checking certificate revocation (fixed in 9.1.1).
CVE-2018-5761 | 1 Rubrik | 1 Cdm | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH | A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter, as Rubrik clusters did not verify TLS certificates presented by vCenter.
CVE-2017-12721 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM | An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Versions 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.
CVE-2016-10534 | 1 Electron-packager Project | 1 Electron-packager | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM | electron-packager is a command line tool that packages Electron source code, along with Electron, into `.app` and `.exe` packages. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 \|\| >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man-in-the-middle attack.
CVE-2018-6219 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM | An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop on and tamper with certain types of update data.
CVE-2018-6221 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-02-28 | 9.3 HIGH | 8.1 HIGH | An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own.
CVE-2018-10406 | 1 Yelp | 1 Osxcollector | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH | An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
CVE-2018-7234 | 1 Schneider-electric | 40 Ibp1110-1er, Ibp1110-1er Firmware, Ibp219-1er and 37 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH | A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the SSL certificate.
CVE-2018-5502 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with a maliciously crafted client certificate. This vulnerability affects virtual servers associated with a Client SSL profile that enables the use of client certificate authentication. Client certificate authentication is not enabled by default in the Client SSL profile. There is no control plane exposure.
CVE-2018-1000500 | 1 Busybox | 1 Busybox | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH | BusyBox contains a missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable by simply downloading any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
CVE-2018-4086 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM | An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
CVE-2018-9127 | 1 Botan Project | 1 Botan | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character.
CVE-2017-15341 | 1 Huawei | 8 Ar3200, Ar3200 Firmware, Te40 and 5 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificates in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.
CVE-2018-5466 | 1 Philips | 1 Intellispace Portal | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Philips IntelliSpace Portal, all versions of 8.0.x and 7.0.x, has a self-signed SSL certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information.
CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH | An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).