Total: 976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0518 | 1 Linecorp | 1 Line | 2018-03-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-6709 | 2 Elinks, Twibright | 2 Elinks, Links | 2018-03-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | |||||
| CVE-2017-17455 | 1 Mahara | 1 Mahara | 2018-03-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present. | |||||
| CVE-2017-9968 | 1 Schneider-electric | 1 Igss Mobile | 2018-03-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack. | |||||
| CVE-2018-6827 | 1 Omninova | 2 Vobot, Vobot Firmware | 2018-03-08 | 6.8 MEDIUM | 8.1 HIGH |
| VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. | |||||
| CVE-2017-12721 | 1 Smiths-medical | 1 Medfusion 4000 Wireless Syringe Infusion Pump | 2018-03-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack. | |||||
| CVE-2018-6374 | 1 Pulsesecure | 1 Desktop Linux Client | 2018-02-24 | 6.4 MEDIUM | 6.5 MEDIUM |
| The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. | |||||
| CVE-2017-15341 | 1 Huawei | 8 Ar3200, Ar3200 Firmware, Te40 and 5 more | 2018-02-22 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificates improperly. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploitation could result in a denial of service on the device. | |||||
| CVE-2018-5761 | 1 Rubrik | 1 Cdm | 2018-02-15 | 4.3 MEDIUM | 8.1 HIGH |
| A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter. | |||||
| CVE-2017-1000417 | 1 Matrixssl | 1 Matrixssl | 2018-02-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | |||||
| CVE-2017-6142 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2018-02-06 | 5.8 MEDIUM | 4.8 MEDIUM |
| X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP. | |||||
| CVE-2018-5258 | 1 Banconeon | 1 Neon | 2018-02-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2981 | 1 Yodobashi | 1 Yodobashi | 2018-02-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3607 | 1 Ldaptive | 2 Ldaptive, Vt-ldap | 2018-01-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2015-2320 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2018-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | |||||
| CVE-2015-2319 | 1 Mono-project | 1 Mono | 2018-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | |||||
| CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2018-01-30 | 6.8 MEDIUM | 8.1 HIGH |
| The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | |||||
| CVE-2017-1000415 | 1 Matrixssl | 1 Matrixssl | 2018-01-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process, resulting in some certificates having their expiration (beginning) year extended (delayed) by 100 years. | |||||
| CVE-2017-17718 | 1 Net-ldap Project | 1 Net-ldap | 2018-01-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | |||||
| CVE-2017-17716 | 1 Gitlab | 1 Gitlab | 2018-01-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem. | |||||
