Total
1039 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-2623 | 2 Redhat, Rpm-ostree | 3 Enterprise Linux, Rpm-ostree, Rpm-ostree-client | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default. | |||||
CVE-2017-2498 | 1 Apple | 1 Iphone Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |||||
CVE-2017-2387 | 1 Apple | 1 Apple Music | 2024-11-21 | 2.9 LOW | 4.8 MEDIUM |
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-2299 | 1 Puppet | 1 Puppetlabs-apache | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | |||||
CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-2110 | 1 Nissan Securities | 1 Access Cx | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-1622 | 1 Ibm | 1 Qradar Incident Forensics | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120. | |||||
CVE-2017-1265 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740. | |||||
CVE-2017-1200 | 1 Ibm | 1 Bigfix Compliance | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675. | |||||
CVE-2017-18918 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. | |||||
CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |||||
CVE-2017-18588 | 1 Security-framework Project | 1 Security-framework | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. | |||||
CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | |||||
CVE-2017-18227 | 1 Titanhq | 1 Webtitan Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature. | |||||
CVE-2017-17945 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | |||||
CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | |||||
CVE-2017-17718 | 1 Net-ldap Project | 1 Net-ldap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | |||||
CVE-2017-17716 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem. | |||||
CVE-2017-17455 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present. |