Total
987 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15498 | 1 Asus | 2 Rt-ac1900p, Rt-ac1900p Firmware | 2020-09-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files. | |||||
| CVE-2020-24715 | 1 Scalyr | 1 Scalyr Agent | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. | |||||
| CVE-2020-24714 | 1 Scalyr | 1 Scalyr Agent | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. | |||||
| CVE-2020-24613 | 1 Wolfssl | 1 Wolfssl | 2020-09-01 | 4.9 MEDIUM | 6.8 MEDIUM |
| wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | |||||
| CVE-2019-18847 | 1 Akamai | 1 Enterprise Application Access | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | |||||
| CVE-2018-15387 | 1 Cisco | 1 Sd-wan | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. | |||||
| CVE-2019-6687 | 1 F5 | 1 Big-ip Application Security Manager | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | |||||
| CVE-2018-11087 | 1 Pivotal Software | 2 Rabbitmq, Spring Advanced Message Queuing Protocol | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. | |||||
| CVE-2019-1006 | 1 Microsoft | 13 .net Framework, Identitymodel, Sharepoint Enterprise Server and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. | |||||
| CVE-2019-10091 | 1 Apache | 1 Geode | 2020-08-24 | 4.0 MEDIUM | 7.4 HIGH |
| When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack. | |||||
| CVE-2019-10914 | 1 Matrixssl | 1 Matrixssl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | |||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2020-08-18 | 5.0 MEDIUM | 7.5 HIGH |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |||||
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2020-08-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | |||||
| CVE-2016-1252 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2020-08-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | |||||
| CVE-2017-15528 | 1 Norton | 1 Install Norton Security | 2020-08-12 | 4.3 MEDIUM | 3.7 LOW |
| Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target. | |||||
| CVE-2020-15134 | 1 Faye Project | 1 Faye | 2020-08-11 | 6.4 MEDIUM | 8.7 HIGH |
| Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake whenever a `wss:` URL is used for the connection. This method does not implement certificate verification by default, meaning that it does not check that the server presents a valid and trusted TLS certificate for the expected hostname. That means that any `https:` or `wss:` connection made using these libraries is vulnerable to a man-in-the-middle attack, since it does not confirm the identity of the server it is connected to. The first request a Faye client makes is always sent via normal HTTP, but later messages may be sent via WebSocket. Therefore it is vulnerable to the same problem that these underlying libraries are, and we needed both libraries to support TLS verification before Faye could claim to do the same. Your client would still be insecure if its initial HTTPS request was verified, but later WebSocket connections were not. This is fixed in Faye v1.4.0, which enables verification by default. For further background information on this issue, please see the referenced GitHub Advisory. | |||||
| CVE-2013-0776 | 5 Canonical, Debian, Mozilla and 2 more | 13 Ubuntu Linux, Debian Linux, Firefox and 10 more | 2020-08-06 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. | |||||
| CVE-2020-10925 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-07-29 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647. | |||||
| CVE-2020-15720 | 1 Dogtagpki | 1 Dogtagpki | 2020-07-23 | 4.0 MEDIUM | 6.8 MEDIUM |
| In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1. | |||||