Total
1039 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
| CVE-2015-5639 | 1 Dwango | 1 Niconico | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2015-5619 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |||||
| CVE-2015-4954 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200. | |||||
| CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
| CVE-2015-4100 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 4.9 MEDIUM | 6.8 MEDIUM |
| Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | |||||
| CVE-2015-4094 | 1 Thycotic | 1 Secret Server | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4017 | 1 Saltstack | 1 Salt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | |||||
| CVE-2015-3886 | 1 Libinfinity Project | 1 Libinfinity | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||||
| CVE-2015-3152 | 6 Debian, Fedoraproject, Mariadb and 3 more | 12 Debian Linux, Fedora, Mariadb and 9 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. | |||||
| CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2024-11-21 | 4.0 MEDIUM | 7.4 HIGH |
| Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2015-2981 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | |||||
| CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||||
| CVE-2015-2320 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | |||||
| CVE-2015-2319 | 1 Mono-project | 1 Mono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | |||||
| CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | |||||