Total: 977 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2018-18568 | 1 Polycom | 5 Unified Communications Software, Vvx 500, Vvx 500 Firmware and 2 more | 2021-06-15 | 5.9 Medium | Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. |
CVE-2021-24012 | 1 Fortinet | 1 Fortios | 2021-06-14 | 7.3 High | An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority. |
CVE-2016-20011 | 1 Gnome | 1 Libgrss | 2021-06-09 | 7.5 High | libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the default behavior of SoupSessionSync. |
CVE-2020-28907 | 1 Nagios | 1 Fusion | 2021-06-03 | 9.8 Critical | Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to download of an untrusted update package in upgrade_to_latest.sh. |
CVE-2007-5967 | 1 Mozilla | 1 Firefox | 2021-05-26 | 6.5 Medium | A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. |
CVE-2017-10819 | 1 Intercom | 1 Malion | 2021-05-19 | 5.9 Medium | MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. |
CVE-2021-29495 | 1 Nim-lang | 1 Nim | 2021-05-14 | 7.5 High | Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented. |
CVE-2020-36127 | 1 Paxtechnology | 1 Paxstore | 2021-05-13 | 6.5 Medium | Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the option to replace the current certificate and it is not possible to view the certificate password (p12) already deployed on the platform. The replacement p12 certificate returns to users in base64 with its password, which can be accessed by non-administrator users. |
CVE-2021-29653 | 1 Hashicorp | 1 Vault | 2021-04-29 | 7.5 High | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1. |
CVE-2021-27400 | 1 Hashicorp | 1 Vault | 2021-04-27 | 7.5 High | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when connecting to Cassandra clusters. Fixed in 1.6.4 and 1.7.1. |
CVE-2019-14334 | 1 Dlink | 6 6600-ap, 6600-ap Firmware, Dwl-3600ap and 3 more | 2021-04-23 | 5.5 Medium | An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. |
CVE-2012-5783 | 2 Apache, Canonical | 2 Httpclient, Ubuntu Linux | 2021-04-23 | N/A | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2021-04-23 | 9.8 Critical | The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. |
CVE-2021-3460 | 1 Motorola | 2 Mh702x, Mh702x Firmware | 2021-04-21 | 9.8 Critical | The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server, which could lead to the communication channel being accessible by an attacker. |
CVE-2021-27899 | 1 Proofpoint | 1 Insider Threat Management | 2021-04-12 | 7.4 High | The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. |
CVE-2016-4830 | 1 Akindo-sushiro | 1 Sushiro | 2021-04-01 | 5.9 Medium | Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. |
CVE-2021-21373 | 1 Nim-lang | 1 Nim | 2021-03-31 | 5.9 Medium | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used, the attack escalates to untrusted code execution. |
CVE-2021-21374 | 1 Nim-lang | 1 Nim | 2021-03-30 | 8.1 High | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used, the attack escalates to untrusted code execution. |
CVE-2021-21385 | 1 Mifos | 1 Mifos-mobile | 2021-03-30 | 7.4 High | Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally, it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones, allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62. |
CVE-2020-29457 | 1 Opcfoundation | 1 Ua-.netstandard | 2021-03-26 | 4.4 Medium | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection. |