Search
Total
309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | |||||
| CVE-2020-15604 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified. | |||||
| CVE-2019-15604 | 1 Nodejs | 1 Node.js | 2021-07-20 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | |||||
| CVE-2021-1134 | 1 Cisco | 1 Dna Center | 2021-07-02 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. | |||||
| CVE-2019-13050 | 5 F5, Fedoraproject, Gnupg and 2 more | 5 Traffix Signaling Delivery Controller, Fedora, Gnupg and 2 more | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. | |||||
| CVE-2020-15732 | 1 Bitdefender | 3 Antivirus Plus, Internet Security, Total Security | 2021-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS) checks. This issue affects: Bitdefender Total Security versions prior to 25.0.7.29. Bitdefender Internet Security versions prior to 25.0.7.29. Bitdefender Antivirus Plus versions prior to 25.0.7.29. | |||||
| CVE-2021-1566 | 1 Cisco | 3 Asyncos, Email Security Appliance, Web Security Appliance | 2021-06-23 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. | |||||
| CVE-2021-29504 | 1 Wp-cli | 1 Wp-cli | 2021-06-17 | 7.5 HIGH | 7.4 HIGH |
| WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\Utils\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\Utils\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\Utils\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior. | |||||
| CVE-2019-11324 | 2 Canonical, Python | 2 Ubuntu Linux, Urllib3 | 2021-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | |||||
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2021-06-14 | 7.8 HIGH | 7.5 HIGH |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | |||||
| CVE-2021-24012 | 1 Fortinet | 1 Fortios | 2021-06-14 | 7.5 HIGH | 7.3 HIGH |
| An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. | |||||
| CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2021-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. | |||||
| CVE-2021-22909 | 1 Ui | 2 Edgemax Edgerouter, Edgemax Edgerouter Firmware | 2021-06-08 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability found in EdgeMAX EdgeRouter V2.0.9 and earlier could allow a malicious actor to execute a man-in-the-middle (MitM) attack during a firmware update. This vulnerability is fixed in EdgeMAX EdgeRouter V2.0.9-hotfix.1 and later. | |||||
| CVE-2021-32919 | 3 Debian, Fedoraproject, Prosody | 3 Debian Linux, Fedora, Prosody | 2021-05-26 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled). | |||||
| CVE-2021-29495 | 1 Nim-lang | 1 Nim | 2021-05-14 | 5.0 MEDIUM | 7.5 HIGH |
| Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented. | |||||
| CVE-2021-29653 | 1 Hashicorp | 1 Vault | 2021-04-29 | 4.3 MEDIUM | 7.5 HIGH |
| HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1. | |||||
| CVE-2021-27400 | 1 Hashicorp | 1 Vault | 2021-04-27 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1 | |||||
| CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2021-04-13 | 6.5 MEDIUM | 8.8 HIGH |
| The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | |||||
| CVE-2021-27899 | 1 Proofpoint | 1 Insider Threat Management | 2021-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. | |||||
| CVE-2020-35733 | 2 Erlang, Fedoraproject | 2 Erlang\/otp, Fedora | 2021-03-31 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | |||||
| CVE-2021-21374 | 1 Nim-lang | 1 Nim | 2021-03-30 | 6.8 MEDIUM | 8.1 HIGH |
| Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. | |||||
| CVE-2021-21385 | 1 Mifos | 1 Mifos-mobile | 2021-03-30 | 5.8 MEDIUM | 7.4 HIGH |
| Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62. | |||||
| CVE-2021-27098 | 1 Cncf | 1 Spire | 2021-03-16 | 5.5 MEDIUM | 8.1 HIGH |
| In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1. | |||||
| CVE-2021-22189 | 1 Gitlab | 1 Gitlab | 2021-03-10 | 6.5 MEDIUM | 7.2 HIGH |
| Starting with version 13.7 the Gitlab CE/EE editions were affected by a security issue related to the validation of the certificates for the Fortinet OTP that could result in authentication issues. | |||||
| CVE-2018-11775 | 2 Apache, Oracle | 3 Activemq, Enterprise Repository, Flexcube Private Banking | 2021-03-05 | 5.8 MEDIUM | 7.4 HIGH |
| TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. | |||||
| CVE-2020-13163 | 1 Em-imap Project | 1 Em-imap | 2021-03-04 | 5.8 MEDIUM | 7.4 HIGH |
| em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | |||||
| CVE-2021-3336 | 1 Wolfssl | 1 Wolfssl | 2021-03-04 | 6.8 MEDIUM | 8.1 HIGH |
| DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers. | |||||
| CVE-2020-13482 | 2 Em-http-request Project, Fedoraproject | 2 Em-http-request, Fedora | 2021-02-24 | 5.8 MEDIUM | 7.4 HIGH |
| EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | |||||
| CVE-2021-26911 | 2 Canarymail, Libmailcore | 2 Canary Mail, Mailcore2 | 2021-02-24 | 5.8 MEDIUM | 7.4 HIGH |
| core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode. | |||||
| CVE-2019-17007 | 2 Mozilla, Siemens | 17 Network Security Services, Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware and 14 more | 2021-02-19 | 5.0 MEDIUM | 7.5 HIGH |
| In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | |||||
| CVE-2021-0341 | 1 Google | 1 Android | 2021-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069 | |||||
| CVE-2021-3309 | 1 Wekan Project | 1 Wekan | 2021-02-02 | 6.8 MEDIUM | 8.1 HIGH |
| packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store, | |||||
| CVE-2019-16281 | 1 Ptarmigan Project | 1 Ptarmigan | 2021-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block. | |||||
| CVE-2020-8289 | 1 Backblaze | 1 Backblaze | 2020-12-31 | 9.3 HIGH | 7.8 HIGH |
| Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality. | |||||
| CVE-2020-16164 | 1 Ripe | 1 Rpki Validator 3 | 2020-12-30 | 5.8 MEDIUM | 7.4 HIGH |
| ** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate Revocation List files from the RPKI relying party's view. NOTE: some third parties may regard this as a preferred behavior, not a vulnerability. | |||||
| CVE-2018-8020 | 2 Apache, Debian | 2 Tomcat Native, Debian Linux | 2020-12-24 | 4.3 MEDIUM | 7.4 HIGH |
| Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability. | |||||
| CVE-2012-0955 | 1 Canonical | 1 Software-properties | 2020-12-08 | 5.8 MEDIUM | 7.4 HIGH |
| software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | |||||
| CVE-2020-8279 | 1 Nextcloud | 1 Social | 2020-11-25 | 5.8 MEDIUM | 7.4 HIGH |
| Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | |||||
| CVE-2020-27589 | 1 Synopsys | 1 Hub-rest-api-python | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. | |||||
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2020-11-16 | 6.8 MEDIUM | 8.1 HIGH |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
| CVE-2020-26117 | 3 Debian, Opensuse, Tigervnc | 3 Debian Linux, Leap, Tigervnc | 2020-11-06 | 5.8 MEDIUM | 8.1 HIGH |
| In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. | |||||
| CVE-2018-1000520 | 1 Arm | 1 Mbed Tls | 2020-11-05 | 5.0 MEDIUM | 7.5 HIGH |
| ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.. | |||||
| CVE-2019-1886 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2020-10-16 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. | |||||
| CVE-2019-1859 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2020-10-13 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. | |||||
| CVE-2016-11086 | 1 Oauth-ruby Project | 1 Oauth-ruby | 2020-10-05 | 5.8 MEDIUM | 7.4 HIGH |
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
| CVE-2020-5913 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2020-09-30 | 5.8 MEDIUM | 7.4 HIGH |
| In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. | |||||
| CVE-2020-24560 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | |||||
| CVE-2018-1000500 | 1 Busybox | 1 Busybox | 2020-09-24 | 6.8 MEDIUM | 8.1 HIGH |
| Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". | |||||
| CVE-2020-6781 | 1 Bosch | 1 Smart Home | 2020-09-22 | 5.8 MEDIUM | 7.4 HIGH |
| Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | |||||
| CVE-2020-25276 | 1 Primekey | 1 Ejbca | 2020-09-16 | 6.8 MEDIUM | 7.3 HIGH |
| An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | |||||