Total
961 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18588 | 1 Security-framework Project | 1 Security-framework | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. | |||||
| CVE-2019-11727 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. | |||||
| CVE-2019-6702 | 1 Mastercard | 1 Qkr\! With Masterpass | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | |||||
| CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | |||||
| CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | |||||
| CVE-2019-11242 | 1 Cohesity | 1 Dataplatform | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
| A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. | |||||
| CVE-2019-10382 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2023-12-10 | 5.8 MEDIUM | 6.5 MEDIUM |
| Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-3777 | 1 Pivotal Software | 1 Application Service | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could hijack the Cloud Controller's DNS record could intercept access tokens sent to the Cloud Controller, giving the attacker access to the user's resources in the Cloud Controller | |||||
| CVE-2019-14334 | 1 Dlink | 6 6600-ap, 6600-ap Firmware, Dwl-3600ap and 3 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. | |||||
| CVE-2019-3814 | 3 Canonical, Dovecot, Opensuse | 3 Ubuntu Linux, Dovecot, Leap | 2023-12-10 | 4.9 MEDIUM | 6.8 MEDIUM |
| It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users. | |||||
| CVE-2019-5961 | 1 Mastodon-tootdon | 1 Tootdon For Mastodon | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | |||||
| CVE-2019-1010206 | 1 Http Request Project | 1 Http Request | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing. | |||||
| CVE-2018-5926 | 1 Hp | 1 Remote Graphics Software | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | |||||
| CVE-2019-10314 | 1 Jenkins | 1 Koji | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
| CVE-2019-3751 | 1 Dell | 1 Emc Enterprise Copy Data Management | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | |||||
| CVE-2019-11550 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | |||||
| CVE-2019-11324 | 2 Canonical, Python | 2 Ubuntu Linux, Urllib3 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | |||||
| CVE-2019-12855 | 1 Twistedmatrix | 1 Twisted | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. | |||||