Vulnerabilities (CVE)

Filtered by CWE-295
Total 1039 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2623 2 Redhat, Rpm-ostree 3 Enterprise Linux, Rpm-ostree, Rpm-ostree-client 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
It was discovered that rpm-ostree and rpm-ostree-client before 2017.3 fail to properly check GPG signatures on packages when doing layering. Packages with unsigned or badly signed content could fail to be rejected as expected. This issue is partially mitigated on RHEL Atomic Host, where certificate pinning is used by default.
CVE-2017-2498 1 Apple 1 Iphone Os 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
CVE-2017-2387 1 Apple 1 Apple Music 2024-11-21 2.9 LOW 4.8 MEDIUM
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2299 1 Puppet 1 Puppetlabs-apache 2024-11-21 5.0 MEDIUM 7.5 HIGH
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
CVE-2017-2278 3 Apple, Google, Iid 3 Iphone Os, Android, Rbb Speed Test 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The RBB SPEED TEST App for Android version 2.0.3 and earlier and the RBB SPEED TEST App for iOS version 2.1.0 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2110 1 Nissan Securities 1 Access Cx 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-1622 1 Ibm 1 Qradar Incident Forensics 2024-11-21 5.8 MEDIUM 3.7 LOW
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 133120.
CVE-2017-1265 1 Ibm 1 Security Guardium 2024-11-21 4.3 MEDIUM 3.7 LOW
IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740.
CVE-2017-1200 1 Ibm 1 Bigfix Compliance 2024-11-21 4.3 MEDIUM 3.7 LOW
IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675.
CVE-2017-18918 1 Mattermost 1 Mattermost Server 2024-11-21 4.0 MEDIUM 4.9 MEDIUM
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.
CVE-2017-18911 1 Mattermost 1 Mattermost Server 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.
CVE-2017-18909 1 Mattermost 1 Mattermost Server 2024-11-21 4.3 MEDIUM 7.5 HIGH
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.
CVE-2017-18588 1 Security-framework Project 1 Security-framework 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.
CVE-2017-18479 1 Cpanel 1 Cpanel 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
CVE-2017-18227 1 Titanhq 1 Webtitan Gateway 2024-11-21 5.0 MEDIUM 7.5 HIGH
TitanHQ WebTitan Gateway has incorrect certificate validation for the TLS interception feature.
CVE-2017-17945 1 Asus 2 Hivivo, Vivobaby 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The ASUS HiVivo application before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation.
CVE-2017-17944 1 Asus 2 Hivivo, Vivobaby 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation.
CVE-2017-17718 1 Net-ldap Project 1 Net-ldap 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
CVE-2017-17716 1 Gitlab 1 Gitlab 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
CVE-2017-17455 1 Mahara 1 Mahara 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.