Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29663 | 1 Icinga | 1 Icinga | 2020-12-18 | 9.1 Critical |
| Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL. This issue is fixed in Icinga 2 v2.11.8 and v2.12.3. | ||||
| CVE-2012-0955 | 1 Canonical | 1 Software-properties | 2020-12-08 | 7.4 High |
| software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | ||||
| CVE-2020-29440 | 1 Tesla | 2 Model X, Model X Firmware | 2020-12-04 | 4.6 Medium |
| Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. | ||||
| CVE-2020-28942 | 1 Primekey | 1 Ejbca | 2020-12-03 | 4.3 Medium |
| An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates (for the RA, not the end user) to a limited set of allowed CAs, thus restricting the accessibility of that RA to the rights it has within a specific role. While this works for other protocols such as CMP, it was found that the EJBCA enrollment over an EST implementation bypasses this check, allowing enrollment with a valid client certificate through any functioning and authenticated RA connected to the CA. NOTE: an attacker must already have a trusted client certificate and authorization to enroll against the targeted CA. | ||||
| CVE-2020-8279 | 1 Nextcloud | 1 Social | 2020-11-25 | 7.4 High |
| Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | ||||
| CVE-2020-27589 | 1 Synopsys | 1 Hub-rest-api-python | 2020-11-20 | 7.5 High |
| Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. | ||||
| CVE-2020-27648 | 1 Synology | 3 Diskstation Manager, Skynas, Skynas Firmware | 2020-11-09 | 9.0 Critical |
| Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-27649 | 1 Synology | 1 Router Manager | 2020-11-09 | 9.0 Critical |
| Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-1000520 | 1 Arm | 1 Mbed Tls | 2020-11-05 | N/A |
| ARM mbedTLS version 2.7.0 and earlier contains a Ciphersuite Allows Incorrectly Signed Certificates vulnerability in mbedtls_ssl_get_verify_result() that can result in ECDSA-signed certificates are accepted, when only RSA-signed ones should be.. This attack appear to be exploitable via Peers negotiate a TLS-ECDH-RSA-* ciphersuite. Any of the peers can then provide an ECDSA-signed certificate, when only an RSA-signed one should be accepted.. | ||||
| CVE-2019-8642 | 1 Apple | 1 Mac Os X | 2020-11-02 | 3.3 Low |
| An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | ||||
| CVE-2019-1886 | 1 Cisco | 2 Asyncos, Web Security Appliance | 2020-10-16 | 8.6 High |
| A vulnerability in the HTTPS decryption feature of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of Secure Sockets Layer (SSL) server certificates. An attacker could exploit this vulnerability by installing a malformed certificate in a web server and sending a request to it through the Cisco WSA. A successful exploit could allow the attacker to cause an unexpected restart of the proxy process on an affected device. | ||||
| CVE-2009-3767 | 4 Apple, Fedoraproject, Openldap and 1 more | 4 Mac Os X, Fedora, Openldap and 1 more | 2020-10-14 | N/A |
| libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2019-1859 | 1 Cisco | 228 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 225 more | 2020-10-13 | 7.2 High |
| A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the attacker to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default. | ||||
| CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2020-10-09 | 9.8 Critical |
| A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | ||||
| CVE-2016-11086 | 1 Oauth-ruby Project | 1 Oauth-ruby | 2020-10-05 | 7.4 High |
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | ||||
| CVE-2020-24560 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2020-09-30 | 7.5 High |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | ||||
| CVE-2020-4340 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2020-09-28 | 4.3 Medium |
| IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | ||||
| CVE-2020-1113 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-28 | 7.5 High |
| A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. | ||||
| CVE-2018-1000500 | 1 Busybox | 1 Busybox | 2020-09-24 | 8.1 High |
| Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". | ||||
| CVE-2020-6781 | 1 Bosch | 1 Smart Home | 2020-09-22 | 7.4 High |
| Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | ||||