Vulnerabilities (CVE)

Filtered by CWE-295
Total 684 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-21836 1 Microsoft 9 Windows 10, Windows 11, Windows 7 and 6 more 2022-01-14 7.2 HIGH 7.8 HIGH
Windows Certificate Spoofing Vulnerability.
CVE-2021-44273 1 E2bn 1 E2guardian 2022-01-11 5.8 MEDIUM 7.4 HIGH
e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.
CVE-2021-41028 1 Fortinet 2 Forticlient, Forticlient Endpoint Management Server 2022-01-04 5.4 MEDIUM 7.5 HIGH
A combination of a use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS 7.0.1 and below, 6.4.6 and below and an improper certificate validation vulnerability [CWE-297] in FortiClientWindows, FortiClientLinux and FortiClientMac 7.0.1 and below, 6.4.6 and below may allow an unauthenticated and network adjacent attacker to perform a man-in-the-middle attack between the EMS and the FCT via the telemetry protocol.
CVE-2020-1675 1 Juniper 1 Mist Cloud Ui 2022-01-01 4.3 MEDIUM 8.3 HIGH
When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
CVE-2021-39359 1 Gnome 1 Libgda 2021-12-31 4.3 MEDIUM 5.9 MEDIUM
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2020-7942 1 Puppet 2 Puppet, Puppet Agent 2021-12-30 4.0 MEDIUM 6.5 MEDIUM
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 and 5.5.19 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior. Affected software versions: Puppet 6.x prior to 6.13.0 Puppet Agent 6.x prior to 6.13.0 Puppet 5.5.x prior to 5.5.19 Puppet Agent 5.5.x prior to 5.5.19 Resolved in: Puppet 6.13.0 Puppet Agent 6.13.0 Puppet 5.5.19 Puppet Agent 5.5.19
CVE-2020-9488 2 Apache, Oracle 43 Log4j, Communications Application Session Controller, Communications Billing And Revenue Management and 40 more 2021-12-27 4.3 MEDIUM 3.7 LOW
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.
CVE-2021-41611 2 Fedoraproject, Squid-cache 2 Fedora, Squid 2021-12-23 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust well improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
CVE-2021-44549 1 Apache 1 Sling Commons Messaging Mail 2021-12-21 5.8 MEDIUM 7.4 HIGH
Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of "man in the middle" attacks additional server identity checks must be performed when accessing mail servers. For compatibility reasons these additional checks are disabled by default in JavaMail/Jakarta Mail. The SimpleMailService in Apache Sling Commons Messaging Mail 1.0 lacks an option to enable these checks for the shared mail session. A user could enable these checks nevertheless by accessing the session via the message created by SimpleMessageBuilder and setting the property mail.smtps.ssl.checkserveridentity to true. Apache Sling Commons Messaging Mail 2.0 adds support for enabling server identity checks and these checks are enabled by default. - https://javaee.github.io/javamail/docs/SSLNOTES.txt - https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html - https://github.com/eclipse-ee4j/mail/issues/429
CVE-2021-42027 1 Siemens 1 Sinumerik Edge 2021-12-20 5.8 MEDIUM 7.4 HIGH
A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.
CVE-2021-39365 2 Debian, Gnome 2 Debian Linux, Grilo 2021-12-16 4.3 MEDIUM 5.9 MEDIUM
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-32728 2 Debian, Nextcloud 2 Debian Linux, Nextcloud 2021-12-16 4.0 MEDIUM 6.5 MEDIUM
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.
CVE-2020-4496 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2021-12-15 4.3 MEDIUM 5.9 MEDIUM
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
CVE-2017-4981 1 Dell 1 Bsafe Cert-c 2021-12-15 5.0 MEDIUM 7.5 HIGH
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.
CVE-2021-31747 1 Pluck-cms 1 Pluck 2021-12-14 5.8 MEDIUM 4.8 MEDIUM
Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
CVE-2015-0534 1 Dell 3 Bsafe, Bsafe Ssl-c, Bsafe Ssl-j 2021-12-14 5.0 MEDIUM 7.5 HIGH
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275.
CVE-2021-34558 3 Fedoraproject, Golang, Netapp 5 Fedora, Go, Cloud Insights Telegraf and 2 more 2021-12-10 2.6 LOW 6.5 MEDIUM
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
CVE-2021-31597 1 Xmlhttprequest-ssl Project 1 Xmlhttprequest-ssl 2021-12-08 7.5 HIGH 9.4 CRITICAL
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
CVE-2021-28363 3 Fedoraproject, Oracle, Python 3 Fedora, Peoplesoft Enterprise Peopletools, Urllib3 2021-12-08 6.4 MEDIUM 6.5 MEDIUM
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
CVE-2021-22939 3 Netapp, Nodejs, Oracle 4 Nextgen Api, Node.js, Graalvm and 1 more 2021-12-07 5.0 MEDIUM 5.3 MEDIUM
If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted.