Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-0248 | 1 Microsoft | 1 .net Framework | 2019-10-03 | N/A |
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | ||||
| CVE-2018-6517 | 1 Puppet | 1 Chloride | 2019-10-03 | N/A |
| Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride. | ||||
| CVE-2017-17301 | 1 Huawei | 56 Ar120-s, Ar120-s Firmware, Ar1200 and 53 more | 2019-10-03 | N/A |
| Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR160 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR200 V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR2200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR2200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR3200 V200R005C32, V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R005C32, V200R006C10, V200R007C00, V200R008C20, CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 5800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 6800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, CloudEngine 7800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00, V200R001C00, DP300 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, SRG1300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG2300 V200R005C32, V200R006C10, V200R007C00, V200R007C02, V200R008C20, SRG3300 V200R005C32, V200R006C10, V200R007C00, V200R008C20, TE30 V100R001C10, TE60 V100R003C00, V500R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, ViewPoint 8660 V100R008C02, V100R008C03, eSpace IAD V300R002C01, eSpace U1981 V200R003C20, V200R003C30, eSpace USM V100R001C01, V300R001C00 have a weak cryptography vulnerability. Due to not properly some values in the certificates, an unauthenticated remote attacker could forges a specific RSA certificate and exploits the vulnerability to pass identity authentication and logs into the target device to obtain permissions configured for the specific user name. | ||||
| CVE-2017-3563 | 1 Oracle | 1 Vm Virtualbox | 2019-10-03 | N/A |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2017-15114 | 1 Redhat | 1 Openstack Platform | 2019-10-03 | N/A |
| When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | ||||
| CVE-2018-10404 | 1 Objective-see | 5 Knockknock, Lulu, Procinfo and 2 more | 2019-10-03 | N/A |
| An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2018-10403 | 1 F-secure | 1 Xfence | 2019-10-03 | N/A |
| An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2017-11132 | 1 Heinekingmedia | 1 Stashcat | 2019-10-03 | 7.5 High |
| An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it. | ||||
| CVE-2018-16261 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2019-10-03 | N/A |
| In Pulse Secure Pulse Desktop Client 5.3RX before 5.3R5 and 9.0R1, there is a Privilege Escalation Vulnerability with Dynamic Certificate Trust. | ||||
| CVE-2019-11497 | 1 Couchbase | 1 Couchbase Server | 2019-09-26 | 7.5 High |
| In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate. | ||||
| CVE-2019-1231 | 1 Microsoft | 1 Project Rome | 2019-09-12 | 5.9 Medium |
| An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'. | ||||
| CVE-2019-16179 | 1 Limesurvey | 1 Limesurvey | 2019-09-10 | 5.3 Medium |
| Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. | ||||
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2019-08-30 | N/A |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | ||||
| CVE-2017-18588 | 1 Security-framework Project | 1 Security-framework | 2019-08-30 | N/A |
| An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates. | ||||
| CVE-2019-5280 | 1 Huawei | 2 Cloudlink Phone 7900, Cloudlink Phone 7900 Firmware | 2019-08-27 | N/A |
| The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones. | ||||
| CVE-2019-14516 | 1 Uidai | 1 Maadhaar | 2019-08-19 | N/A |
| The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. | ||||
| CVE-2017-18479 | 1 Cpanel | 1 Cpanel | 2019-08-12 | N/A |
| In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209). | ||||
| CVE-2019-11242 | 1 Cohesity | 1 Dataplatform | 2019-07-17 | N/A |
| A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. | ||||
| CVE-2019-5961 | 1 Mastodon-tootdon | 1 Tootdon For Mastodon | 2019-07-10 | N/A |
| The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-17945 | 1 Asus | 2 Hivivo, Vivobaby | 2019-07-03 | N/A |
| The ASUS HiVivo aspplication before 5.6.27 for ASUS Watch has Missing SSL Certificate Validation. | ||||