Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38864 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 7.5 High |
| IBM Security Verify Bridge 1.0.5.0 could allow a user to obtain sensitive information due to improper certificate validation. IBM X-Force ID: 208155. | ||||
| CVE-2021-20435 | 1 Ibm | 1 Security Verify Bridge | 2021-09-29 | 5.5 Medium |
| IBM Security Verify Bridge 1.0.5.0 does not properly validate a certificate which could allow a local attacker to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 196355. | ||||
| CVE-2021-33695 | 1 Sap | 1 Cloud Connector | 2021-09-28 | 9.1 Critical |
| Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate. | ||||
| CVE-2020-11580 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2021-09-16 | 9.1 Critical |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | ||||
| CVE-2021-1837 | 1 Apple | 2 Ipados, Iphone Os | 2021-09-15 | 5.3 Medium |
| A certificate validation issue was addressed. This issue is fixed in iOS 14.5 and iPadOS 14.5. An attacker in a privileged network position may be able to alter network traffic. | ||||
| CVE-2021-37218 | 1 Hashicorp | 1 Nomad | 2021-09-13 | 8.8 High |
| HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. | ||||
| CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2021-09-09 | 5.9 Medium |
| Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | ||||
| CVE-2016-4840 | 1 Toshiba | 1 Coordinate Plus | 2021-09-09 | 5.9 Medium |
| Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | ||||
| CVE-2021-27018 | 1 Puppet | 1 Remediate | 2021-09-07 | 7.5 High |
| The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue only affects clients that are configured to utilize Tenable.sc as the vulnerability data source. | ||||
| CVE-2021-39361 | 1 Gnome | 1 Evolution-rss | 2021-08-30 | 5.9 Medium |
| In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011. | ||||
| CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2021-08-25 | 7.5 High |
| iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | ||||
| CVE-2021-31399 | 1 2n | 2 Access Unit 2.0, Access Unit 2.0 Firmware | 2021-08-24 | 5.9 Medium |
| On 2N Access Unit 2.0 2.31.0.40.5 devices, an attacker can pose as the web relay for a man-in-the-middle attack. | ||||
| CVE-2019-5538 | 1 Vmware | 1 Vcenter Server | 2021-08-24 | 5.9 Medium |
| Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over SCP. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | ||||
| CVE-2019-5537 | 1 Vmware | 1 Vcenter Server | 2021-08-24 | 5.9 Medium |
| Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance (6.7 before 6.7u3a and 6.5 before 6.5u3d) may allow a malicious actor to intercept sensitive data in transit over FTPS and HTTPS. A malicious actor with man-in-the-middle positioning between vCenter Server Appliance and a backup target may be able to intercept sensitive data in transit during File-Based Backup and Restore operations. | ||||
| CVE-2020-3994 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2021-08-24 | 7.4 High |
| VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. | ||||
| CVE-2021-32069 | 1 Mitel | 1 Micollab | 2021-08-23 | 4.8 Medium |
| The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data. | ||||
| CVE-2021-32581 | 1 Acronis | 3 Cyber Protect Cloud, Cyber Protection Agent, True Image | 2021-08-12 | 8.1 High |
| Acronis True Image prior to 2021 Update 4 for Windows, Acronis True Image prior to 2021 Update 5 for Mac, Acronis Agent prior to build 26653, Acronis Cyber Protect prior to build 27009 did not implement SSL certificate validation. | ||||
| CVE-2017-6594 | 2 Heimdal Project, Opensuse | 2 Heimdal, Leap | 2021-08-12 | 7.5 High |
| The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | ||||
| CVE-2018-0786 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2021-08-12 | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | ||||
| CVE-2021-35193 | 1 Pattersondental | 1 Eaglesoft | 2021-08-11 | 7.5 High |
| Patterson Application Service in Patterson Eaglesoft 18 through 21 accepts the same certificate authentication across different customers' installations (that have the same software version). This provides remote access to SQL database credentials. (In the normal use of the product, retrieving those credentials only occurs after a username/password authentication step; however, this authentication step is on the client side, and an attacker can develop their own client that skips this step.) | ||||