Total
976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-11086 | 1 Oauth-ruby Project | 1 Oauth-ruby | 2020-10-05 | 5.8 MEDIUM | 7.4 HIGH |
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
| CVE-2020-24560 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server. | |||||
| CVE-2020-4340 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2020-09-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180. | |||||
| CVE-2020-1113 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-28 | 9.3 HIGH | 7.5 HIGH |
| A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. | |||||
| CVE-2018-1000500 | 1 Busybox | 1 Busybox | 2020-09-24 | 6.8 MEDIUM | 8.1 HIGH |
| Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". | |||||
| CVE-2020-6781 | 1 Bosch | 1 Smart Home | 2020-09-22 | 5.8 MEDIUM | 7.4 HIGH |
| Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | |||||
| CVE-2018-19946 | 1 Qnap | 1 Helpdesk | 2020-09-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The vulnerability have been reported to affect earlier versions of Helpdesk. If exploited, this improper certificate validation vulnerability could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. QNAP has already fixed the issue in Helpdesk 3.0.3 and later. | |||||
| CVE-2020-25276 | 1 Primekey | 1 Ejbca | 2020-09-16 | 6.8 MEDIUM | 7.3 HIGH |
| An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | |||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2020-09-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | |||||
| CVE-2020-15498 | 1 Asus | 2 Rt-ac1900p, Rt-ac1900p Firmware | 2020-09-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_20253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files. | |||||
| CVE-2020-24715 | 1 Scalyr | 1 Scalyr Agent | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName. | |||||
| CVE-2020-24714 | 1 Scalyr | 1 Scalyr Agent | 2020-09-03 | 6.8 MEDIUM | 9.8 CRITICAL |
| The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, the openssl binary is called without the -verify_hostname option. | |||||
| CVE-2020-24613 | 1 Wolfssl | 1 Wolfssl | 2020-09-01 | 4.9 MEDIUM | 6.8 MEDIUM |
| wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | |||||
| CVE-2019-18847 | 1 Akamai | 1 Enterprise Application Access | 2020-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | |||||
| CVE-2018-15387 | 1 Cisco | 1 Sd-wan | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass certificate validation on an affected device. The vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by supplying a system image signed with a crafted certificate to an affected device, bypassing the certificate validation. An exploit could allow an attacker to deploy a crafted system image. | |||||
| CVE-2019-10091 | 1 Apache | 1 Geode | 2020-08-24 | 4.0 MEDIUM | 7.4 HIGH |
| When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack. | |||||
| CVE-2018-11087 | 1 Pivotal Software | 2 Rabbitmq, Spring Advanced Message Queuing Protocol | 2020-08-24 | 4.3 MEDIUM | 5.9 MEDIUM |
| Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation. A malicious user that has the ability to intercept traffic would be able to view data in transit. | |||||
| CVE-2019-1006 | 1 Microsoft | 13 .net Framework, Identitymodel, Sharepoint Enterprise Server and 10 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'. | |||||
| CVE-2019-10914 | 1 Matrixssl | 1 Matrixssl | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | |||||
| CVE-2019-6687 | 1 F5 | 1 Big-ip Application Security Manager | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | |||||