Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-17944 | 1 Asus | 2 Hivivo, Vivobaby | 2019-06-21 | N/A |
| The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation. | ||||
| CVE-2015-5619 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2019-06-17 | N/A |
| Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2018-20135 | 1 Samsung | 1 Galaxy Apps | 2019-06-11 | N/A |
| Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071. | ||||
| CVE-2018-17612 | 2 Microsoft, Sennheiser | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2019-05-15 | N/A |
| Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or software publishers for several years, even if the HeadSetup product is uninstalled. NOTE: a vulnerability-assessment approach must check all Windows systems for CA certificates with a CN of 127.0.0.1 or SennComRootCA, and determine whether those certificates are unwanted. | ||||
| CVE-2018-5408 | 1 Printerlogic | 1 Print Management | 2019-05-10 | N/A |
| The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. | ||||
| CVE-2019-11550 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2019-05-09 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | ||||
| CVE-2017-1000396 | 1 Jenkins | 1 Jenkins | 2019-05-08 | N/A |
| Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins. | ||||
| CVE-2015-1777 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Rhn-client-tools | 2019-04-22 | N/A |
| rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. | ||||
| CVE-2017-11770 | 1 Microsoft | 1 Aspnetcore | 2019-04-16 | N/A |
| .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | ||||
| CVE-2018-0650 | 1 Linecorp | 1 Line Music | 2019-04-12 | N/A |
| The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-4436 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-04-05 | N/A |
| A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. | ||||
| CVE-2019-5729 | 1 Splunk | 1 Software Development Kit | 2019-03-27 | N/A |
| Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks. | ||||
| CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2019-03-26 | N/A |
| Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2019-6702 | 1 Mastercard | 1 Qkr\! With Masterpass | 2019-03-22 | N/A |
| The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | ||||
| CVE-2017-7080 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | N/A |
| An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate. | ||||
| CVE-2019-8337 | 1 Marlam | 2 Mpop, Msmtp | 2019-03-01 | N/A |
| In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | ||||
| CVE-2019-6266 | 1 Cordaware | 1 Bestinformed | 2019-02-28 | N/A |
| Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | ||||
| CVE-2019-6592 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2019-02-28 | N/A |
| On BIG-IP 14.1.0-14.1.0.1, TMM may restart and produce a core file when validating SSL certificates in client SSL or server SSL profiles. | ||||
| CVE-2016-5016 | 1 Pivotal Software | 4 Cloud Foundry, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa and 1 more | 2019-02-26 | N/A |
| Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. | ||||
| CVE-2019-7728 | 1 Bosch | 1 Smart Camera | 2019-02-22 | N/A |
| An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | ||||