Search
Total
66 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43882 | 1 Microsoft | 1 Defender For Iot | 2023-12-28 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Defender for IoT Remote Code Execution Vulnerability | |||||
| CVE-2023-48427 | 1 Siemens | 1 Sinec Ins | 2023-12-14 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. | |||||
| CVE-2023-49312 | 1 Precisionbridge | 1 Precision Bridge | 2023-11-30 | N/A | 9.1 CRITICAL |
| Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address. | |||||
| CVE-2023-40256 | 1 Veritas | 1 Netbackup Snapshot Manager | 2023-08-18 | N/A | 9.8 CRITICAL |
| A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers. | |||||
| CVE-2022-47758 | 1 Nanoleaf | 1 Nanoleaf Firmware | 2023-08-02 | N/A | 9.8 CRITICAL |
| Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | |||||
| CVE-2022-23632 | 1 Traefik | 1 Traefik | 2022-07-25 | 6.8 MEDIUM | 9.8 CRITICAL |
| Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration. When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default configuration that might not correspond to the configured one. If the CNAME flattening is enabled, the selected TLS configuration is the SNI one and the routing uses the CNAME value, so this can skip the expected TLS configuration. Version 2.6.1 contains a patch for this issue. As a workaround, one may add the FDQN to the host rule. However, there is no workaround if the CNAME flattening is enabled. | |||||
| CVE-2022-31105 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-20 | 5.1 MEDIUM | 9.6 CRITICAL |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.4.0 and prior to 2.2.11, 2.3.6, and 2.4.5 is vulnerable to an improper certificate validation bug which could cause Argo CD to trust a malicious (or otherwise untrustworthy) OpenID Connect (OIDC) provider. A patch for this vulnerability has been released in Argo CD versions 2.4.5, 2.3.6, and 2.2.11. There are no complete workarounds, but a partial workaround is available. Those who use an external OIDC provider (not the bundled Dex instance), can mitigate the issue by setting the `oidc.config.rootCA` field in the `argocd-cm` ConfigMap. This mitigation only forces certificate validation when the API server handles login flows. It does not force certificate verification when verifying tokens on API calls. | |||||
| CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2022-07-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | |||||
| CVE-2018-21029 | 2 Fedoraproject, Systemd Project | 2 Fedora, Systemd | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent). | |||||
| CVE-2022-32151 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2022-06-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203. Python 3 client libraries now verify server certificates by default and use the appropriate CA certificate stores for each library. Apps and add-ons that include their own HTTP libraries are not affected. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | |||||
| CVE-2022-32156 | 1 Splunk | 2 Splunk, Universal Forwarder | 2022-06-24 | 6.8 MEDIUM | 9.8 CRITICAL |
| In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, connections from misconfigured nodes without valid certificates did not fail by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI) to enable the remediation. | |||||
| CVE-2022-32563 | 1 Couchbase | 1 Sync Gateway | 2022-06-17 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. | |||||
| CVE-2022-22885 | 1 Hutool | 1 Hutool | 2022-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| Hutool v5.7.18's HttpRequest was discovered to ignore all TLS/SSL certificate validation. | |||||
| CVE-2021-40855 | 1 Europa | 1 Technical Specifications For Digital Covid Certificates | 2022-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production. | |||||
| CVE-2021-31597 | 1 Xmlhttprequest-ssl Project | 1 Xmlhttprequest-ssl | 2021-12-08 | 7.5 HIGH | 9.4 CRITICAL |
| The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected. | |||||
| CVE-2021-33907 | 1 Zoom | 1 Meetings | 2021-10-06 | 10.0 HIGH | 9.8 CRITICAL |
| The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. | |||||
| CVE-2021-33695 | 1 Sap | 1 Cloud Connector | 2021-09-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. | |||||
| CVE-2020-11580 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2021-09-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | |||||
| CVE-2021-20110 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2021-07-28 | 10.0 HIGH | 9.8 CRITICAL |
| Due to Manage Engine Asset Explorer Agent 1.0.34 not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the agent's HTTP request verifying its authtoken. In httphandler.cpp, the agent reaching out over HTTP is vulnerable to an Integer Overflow, which can be turned into a Heap Overflow allowing for remote code execution as NT AUTHORITY/SYSTEM on the agent machine. The Integer Overflow occurs when receiving POST response from the Manage Engine server, and the agent calling "HttpQueryInfoW" in order to get the "Content-Length" size from the incoming POST request. This size is taken, but multiplied to a larger amount. If an attacker specifies a Content-Length size of 1073741823 or larger, this integer arithmetic will wrap the value back around to smaller integer, then calls "calloc" with this size to allocate memory. The following API "InternetReadFile" will copy the POST data into this buffer, which will be too small for the contents, and cause heap overflow. | |||||
| CVE-2020-28907 | 1 Nagios | 1 Fusion | 2021-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh. | |||||
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. | |||||
| CVE-2021-3460 | 1 Motorola | 2 Mh702x, Mh702x Firmware | 2021-04-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker. | |||||
| CVE-2020-29663 | 1 Icinga | 1 Icinga | 2020-12-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. | |||||
| CVE-2018-11747 | 1 Puppet | 1 Discovery | 2020-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | |||||
| CVE-2020-27648 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2020-11-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-27649 | 1 Synology | 1 Router Manager | 2020-11-09 | 6.8 MEDIUM | 9.0 CRITICAL |
| Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-9868 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| A certificate validation issue existed when processing administrator added certificates. This issue was addressed with improved certificate validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An attacker may have been able to impersonate a trusted website using shared key material for an administrator added certificate. | |||||
| CVE-2020-7043 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2020-10-09 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | |||||
| CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2020-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | |||||
| CVE-2020-24715 | 1 Scalyr | 1 Scalyr Agent | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. | |||||
| CVE-2020-24714 | 1 Scalyr | 1 Scalyr Agent | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. | |||||
| CVE-2019-18847 | 1 Akamai | 1 Enterprise Application Access | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | |||||
| CVE-2018-15387 | 1 Cisco | 1 Sd-wan | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. | |||||
| CVE-2019-10914 | 1 Matrixssl | 1 Matrixssl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | |||||
| CVE-2020-16163 | 1 Ripe | 1 Rpki Validator 3 | 2020-08-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| ** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x before 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote attackers to bypass intended access restrictions, or to trigger denial of service to traffic directed to co-dependent routing systems. NOTE: third parties assert that the behavior is intentionally permitted by RFC 8182. | |||||
| CVE-2019-17560 | 1 Apache | 1 Netbeans | 2020-07-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. | |||||
| CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
| CVE-2020-12637 | 1 Zulipchat | 1 Zulip Desktop | 2020-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | |||||
| CVE-2020-1952 | 1 Apache | 1 Iotdb | 2020-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely. | |||||
| CVE-2020-1887 | 1 Linuxfoundation | 1 Osquery | 2020-03-18 | 5.8 MEDIUM | 9.1 CRITICAL |
| Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | |||||
| CVE-2020-9432 | 1 Lua-openssl Project | 1 Lua-openssl | 2020-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9433 | 1 Lua-openssl Project | 1 Lua-openssl | 2020-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2020-9434 | 1 Lua-openssl Project | 1 Lua-openssl | 2020-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values. | |||||
| CVE-2018-5926 | 1 Hp | 1 Remote Graphics Software | 2020-02-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | |||||
| CVE-2020-7956 | 1 Hashicorp | 1 Nomad | 2020-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | |||||
| CVE-2019-18826 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. | |||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2019-11-15 | 7.5 HIGH | 9.8 CRITICAL |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
| CVE-2019-18632 | 1 Europa | 1 Eidas-node Integration Package | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. | |||||
| CVE-2019-18633 | 1 Europa | 1 Eidas-node Integration Package | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL |
| European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. | |||||
| CVE-2019-3807 | 1 Powerdns | 1 Recursor | 2019-10-09 | 6.4 MEDIUM | 9.8 CRITICAL |
| An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. | |||||