Total
1039 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1777 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Rhn-client-tools | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. | |||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | |||||
| CVE-2015-0534 | 1 Dell | 3 Bsafe, Bsafe Ssl-c, Bsafe Ssl-j | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. | |||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
| CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | |||||
| CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | |||||
| CVE-2014-7242 | 1 Ms-ins | 2 Sumaho, Sumaho Driving Capability Diagnosis | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates. | |||||
| CVE-2014-7143 | 1 Twistedmatrix | 1 Twisted | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Python Twisted 14.0 trustRoot is not respected in HTTP client | |||||
| CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||||
| CVE-2014-3607 | 1 Ldaptive | 2 Ldaptive, Vt-ldap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| duplicity 0.6.24 has improper verification of SSL certificates | |||||
| CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | |||||
| CVE-2014-3394 | 1 Cisco | 11 Adaptive Security Appliance Software, Adaptive Security Virtual Appliance, Asa 1000v Cloud Firewall and 8 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916. | |||||
| CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | |||||
| CVE-2014-3230 | 1 Lwp\ | 1 \ | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. | |||||
| CVE-2014-2902 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | |||||
| CVE-2014-2901 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | |||||
| CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||