Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13615 | 1 Qore | 1 Qore | 2020-05-28 | 5.9 Medium |
| lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. | ||||
| CVE-2010-4685 | 1 Cisco | 1 Ios | 2020-05-19 | N/A |
| Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | ||||
| CVE-2020-12637 | 1 Zulipchat | 1 Zulip Desktop | 2020-05-13 | 9.8 Critical |
| Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | ||||
| CVE-2020-1952 | 1 Apache | 1 Iotdb | 2020-05-04 | 9.8 Critical |
| An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification.Then, clients could execute code remotely. | ||||
| CVE-2020-11806 | 1 Mailstore | 1 Mailstore Server | 2020-05-01 | 5.9 Medium |
| In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. | ||||
| CVE-2020-5864 | 1 F5 | 1 Nginx Controller | 2020-04-30 | 7.4 High |
| In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | ||||
| CVE-2020-11792 | 1 Netgear | 8 R8900, R8900 Firmware, R9000 and 5 more | 2020-04-21 | 7.5 High |
| NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | ||||
| CVE-2019-4654 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2020-04-20 | 4.8 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965. | ||||
| CVE-2011-3024 | 1 Google | 1 Chrome | 2020-04-16 | N/A |
| Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. | ||||
| CVE-2019-1010206 | 1 Http Request Project | 1 Http Request | 2020-04-14 | 5.9 Medium |
| OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing. | ||||
| CVE-2011-3061 | 1 Google | 1 Chrome | 2020-04-14 | N/A |
| Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-11751 | 1 Puppet | 1 Puppet Server | 2020-04-07 | 5.4 Medium |
| Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. | ||||
| CVE-2020-1887 | 1 Linuxfoundation | 1 Osquery | 2020-04-03 | 9.1 Critical |
| Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust. | ||||
| CVE-2019-3762 | 1 Dell | 2 Emc Data Protection Central, Emc Integrated Data Protection Appliance | 2020-03-27 | 7.5 High |
| Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | ||||
| CVE-2019-11688 | 1 Asustor | 1 Exfat Driver | 2020-03-24 | 7.4 High |
| An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation. | ||||
| CVE-2020-10659 | 2 Entrustdatacard, Microsoft | 2 Entelligence Security Provider, Windows | 2020-03-24 | 4.3 Medium |
| Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | ||||
| CVE-2020-6175 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2020-03-20 | 5.9 Medium |
| Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | ||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2020-03-10 | 5.5 Medium |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | ||||
| CVE-2020-8987 | 1 Avast | 2 Antitrack, Avg Antitrack | 2020-03-10 | 7.4 High |
| Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.) | ||||
| CVE-2020-3155 | 1 Cisco | 11 Intelligence Proximity, Jabber, Meeting and 8 more | 2020-03-05 | 7.4 High |
| A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints. | ||||