Total: 987 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2014-0104 | 1 Clusterlabs | 1 Fence-agents | 2020-01-10 | 4.3 MEDIUM | 5.9 MEDIUM | fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script, which can potentially allow man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates.
CVE-2014-0161 | 1 Ovirt-engine-sdk-python Project | 1 Ovirt-engine-sdk-python | 2020-01-10 | 4.3 MEDIUM | 5.9 MEDIUM | ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its X.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate.
CVE-2019-18826 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL | Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain.
CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2019-12-19 | 5.0 MEDIUM | 7.5 HIGH | duplicity 0.6.24 has improper verification of SSL certificates.
CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2019-12-13 | 5.0 MEDIUM | 5.3 MEDIUM | dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DoS) via a specially crafted certificate.
CVE-2019-19271 | 1 Proftpd | 1 Proftpd | 2019-12-11 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2019-12-11 | 4.3 MEDIUM | 5.9 MEDIUM | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
CVE-2019-11554 | 1 Amazon | 1 Audible | 2019-12-11 | 4.3 MEDIUM | 5.9 MEDIUM | The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service.
CVE-2012-5518 | 1 Ovirt | 1 Vdsm | 2019-12-09 | 4.3 MEDIUM | 7.5 HIGH | vdsm: certificate generation upon node creation allows vdsm to start and serve requests from anyone who has a matching key (and certificate).
CVE-2014-2901 | 1 Wolfssl | 1 Wolfssl | 2019-12-04 | 5.0 MEDIUM | 7.5 HIGH | wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.
CVE-2014-2902 | 1 Wolfssl | 1 Wolfssl | 2019-12-04 | 5.0 MEDIUM | 7.5 HIGH | wolfssl before 3.2.0 does not properly authorize CA certificates for signing other certificates.
CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2019-11-15 | 4.3 MEDIUM | 5.9 MEDIUM | vdsm and vdsclient do not validate the certificate hostname of another vdsm, which could facilitate a man-in-the-middle attack.
CVE-2014-7143 | 1 Twistedmatrix | 1 Twisted | 2019-11-14 | 5.0 MEDIUM | 7.5 HIGH | In Python Twisted 14.0, trustRoot is not respected in the HTTP client.
CVE-2009-3552 | 1 Redhat | 1 Enterprise Virtualization Manager | 2019-11-12 | 2.9 LOW | 3.1 LOW | In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform.
CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2019-11-09 | 5.8 MEDIUM | 7.4 HIGH | A vulnerability in the ReportsTrustManager class of Brocade SANnav versions before v2.0 could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer (SSL) connections.
CVE-2019-3685 | 1 Opensuse | 1 Open Build Service | 2019-11-08 | 6.8 MEDIUM | 7.7 HIGH | Open Build Service before version 0.165.4 didn't validate TLS certificates for HTTPS connections with the osc client binary.
CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2019-11-07 | 4.3 MEDIUM | 5.9 MEDIUM | HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
CVE-2019-18632 | 1 Europa | 1 Eidas-node Integration Package | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL | European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
CVE-2019-18633 | 1 Europa | 1 Eidas-node Integration Package | 2019-11-05 | 7.5 HIGH | 9.8 CRITICAL | European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
CVE-2010-4237 | 1 Mercurial | 1 Mercurial | 2019-10-31 | 4.3 MEDIUM | 5.9 MEDIUM | Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates, which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
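Several entries above (CVE-2010-4237, CVE-2014-0161, CVE-2014-8167) are one bug class: the chain validates back to a trusted CA, but nobody checks that the name in the certificate is the host that was dialled, so any CA-issued certificate lets an attacker impersonate the endpoint. The block below is an added example, not code from any of the listed projects. It implements that name check over the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, so it runs offline against constructed certificates, and it also confirms that the stdlib default client context enforces both chain and hostname verification. The function names (`hostname_matches`, `default_context_is_strict`) and the sample certificates are this example's own.

```python
"""Hostname verification against an X.509 peer certificate (added example).

Operates on the dict shape returned by ssl.SSLSocket.getpeercert(), e.g.
  {'subject': ((('commonName', 'x'),),),
   'subjectAltName': (('DNS', 'x'), ('IP Address', '198.51.100.7'))}
Rules follow RFC 6125 section 6.4: dNSName SAN entries take precedence, the
subject CN is consulted only when no dNSName SAN is present, a wildcard may
only be the whole leftmost label, and IP literals match iPAddress SANs only.
"""
import ipaddress
import ssl


def _dns_match(pattern: str, hostname: str) -> bool:
    """Match one dNSName/CN pattern against hostname, case-insensitively."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Wildcard must be the entire leftmost label and must leave at least two
    # labels to its right, so "*.com" or a bare "*" never match anything.
    if p_labels[0] != "*" or len(p_labels) < 3:
        return False
    # A wildcard covers exactly one label: "*.cdn.example.com" does not match
    # "a.b.cdn.example.com" nor the parent "cdn.example.com".
    if len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def _ip_in_san(ip, ip_sans) -> bool:
    """True if the parsed IP equals any well-formed iPAddress SAN entry."""
    for value in ip_sans:
        try:
            if ipaddress.ip_address(value) == ip:
                return True
        except ValueError:
            continue  # malformed SAN entry never matches
    return False


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Return True only if hostname is covered by cert under RFC 6125 rules."""
    san = cert.get("subjectAltName", ())
    dns_names = [v for k, v in san if k == "DNS"]
    ip_names = [v for k, v in san if k == "IP Address"]

    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is never matched against dNSName or CN.
        return _ip_in_san(ip, ip_names)

    if dns_names:
        # CN is ignored as soon as the certificate carries any dNSName SAN.
        return any(_dns_match(p, hostname) for p in dns_names)

    # Legacy fallback: no dNSName SAN, so the subject CN is the only name.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _dns_match(value, hostname)
    return False


def default_context_is_strict() -> bool:
    """Confirm the stdlib default client context checks chain AND hostname.

    CERT_REQUIRED alone is the gap the CVEs above describe: the chain is
    verified but check_hostname=False accepts any valid certificate.
    """
    ctx = ssl.create_default_context()
    return bool(ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED)


# Constructed peer certificates (not real), in getpeercert() dict shape.
CERT_SAN = {
    "subject": ((("commonName", "ignored.example.org"),),),
    "subjectAltName": (("DNS", "api.example.com"),
                       ("DNS", "*.cdn.example.com"),
                       ("IP Address", "198.51.100.7")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "legacy.example.com"),),)}
CERT_OTHER = {  # a perfectly valid certificate for a different host
    "subject": ((("commonName", "evil.example.net"),),),
    "subjectAltName": (("DNS", "evil.example.net"),),
}

if __name__ == "__main__":
    for cert, host in [(CERT_SAN, "API.example.com"), (CERT_SAN, "ignored.example.org"),
                       (CERT_OTHER, "api.example.com"), (CERT_CN_ONLY, "legacy.example.com")]:
        print(host, "->", hostname_matches(cert, host))
    print("default context strict:", default_context_is_strict())
```

The `CERT_OTHER` case is the attack in CVE-2014-0161 and CVE-2010-4237: the certificate is genuine and chains to a trusted CA, and a client that stops at chain validation accepts it for `api.example.com`. A correct client rejects it purely on the name mismatch.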