Vulnerabilities (CVE)

Filtered by CWE-295
Total 1102 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40830 3 Amazon, Linux, Opengroup 4 Amazon Web Services Aws-c-io, Amazon Web Services Internet Of Things Device Software Development Kit V2, Linux Kernel and 1 more 2024-11-21 5.8 MEDIUM 6.3 MEDIUM
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system’s default trust-store. Attackers with access to a host’s trust stores or are able to compromise a certificate authority already in the host's trust store (note: the attacker must also be able to spoof DNS in this case) may be able to use this issue to bypass CA pinning. An attacker could then spoof the MQTT broker, and either drop traffic and/or respond with the attacker's data, but they would not be able to forward this data on to the MQTT broker because the attacker would still need the user's private keys to authenticate against the MQTT broker. The 'aws_tls_ctx_options_override_default_trust_store_*' function within the aws-c-io submodule has been updated to override the default trust store. This corrects this issue. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.5.0 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Linux/Unix. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Linux/Unix. Amazon Web Services AWS-C-IO 0.10.4 on Linux/Unix.
CVE-2021-40829 2 Amazon, Apple 2 Amazon Web Services Internet Of Things Device Software Development Kit V2, Macos 2024-11-21 5.8 MEDIUM 6.3 MEDIUM
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.4.2), Python (versions prior to 1.6.1), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on MacOS. This issue has been addressed in aws-c-io submodule versions 0.10.5 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.4.2 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.6.1 on macOS. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on macOS. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on macOS. Amazon Web Services AWS-C-IO 0.10.4 on macOS.
CVE-2021-40828 2 Amazon, Microsoft 3 Amazon Web Services Aws-c-io, Amazon Web Services Internet Of Things Device Software Development Kit V2, Windows 2024-11-21 5.8 MEDIUM 6.3 MEDIUM
Connections initialized by the AWS IoT Device SDK v2 for Java (versions prior to 1.3.3), Python (versions prior to 1.5.18), C++ (versions prior to 1.12.7) and Node.js (versions prior to 1.5.1) did not verify server certificate hostname during TLS handshake when overriding Certificate Authorities (CA) in their trust stores on Windows. This issue has been addressed in aws-c-io submodule versions 0.9.13 onward. This issue affects: Amazon Web Services AWS IoT Device SDK v2 for Java versions prior to 1.3.3 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Python versions prior to 1.5.18 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for C++ versions prior to 1.12.7 on Microsoft Windows. Amazon Web Services AWS IoT Device SDK v2 for Node.js versions prior to 1.5.3 on Microsoft Windows.
CVE-2021-40713 1 Adobe 1 Experience Manager 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. If an attacker can achieve a man in the middle when the cold server establishes a new certificate, they would be able to harvest sensitive information.
CVE-2021-3935 4 Debian, Fedoraproject, Pgbouncer and 1 more 4 Debian Linux, Fedora, Pgbouncer and 1 more 2024-11-21 5.1 MEDIUM 8.1 HIGH
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
CVE-2021-3898 1 Motorola 2 Device Help, Ready For 2024-11-21 4.3 MEDIUM 6.8 MEDIUM
Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker.
CVE-2021-3698 2 Cockpit-project, Redhat 2 Cockpit, Enterprise Linux 2024-11-21 5.0 MEDIUM 7.5 HIGH
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
CVE-2021-3618 5 Debian, F5, Fedoraproject and 2 more 5 Debian Linux, Nginx, Fedora and 2 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
CVE-2021-3547 1 Openvpn 1 Openvpn 2024-11-21 5.8 MEDIUM 7.4 HIGH
OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
CVE-2021-3460 1 Motorola 2 Mh702x, Mh702x Firmware 2024-11-21 7.5 HIGH 8.1 HIGH
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3450 10 Fedoraproject, Freebsd, Mcafee and 7 more 35 Fedora, Freebsd, Web Gateway and 32 more 2024-11-21 5.8 MEDIUM 7.4 HIGH
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).
CVE-2021-3406 2 Fedoraproject, Keylime 2 Fedora, Keylime 2024-11-21 7.5 HIGH 9.8 CRITICAL
A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.
CVE-2021-3336 1 Wolfssl 1 Wolfssl 2024-11-21 6.8 MEDIUM 8.1 HIGH
DoTls13CertificateVerify in tls13.c in wolfSSL before 4.7.0 does not cease processing for certain anomalous peer behavior (sending an ED22519, ED448, ECC, or RSA signature without the corresponding certificate). The client side is affected because man-in-the-middle attackers can impersonate TLS 1.3 servers.
CVE-2021-3309 1 Wekan Project 1 Wekan 2024-11-21 6.8 MEDIUM 8.1 HIGH
packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
CVE-2021-3285 1 Ti 1 Code Composer Studio Intgrated Development Environment 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
CVE-2021-3162 2 Apple, Docker 2 Macos, Docker 2024-11-21 4.6 MEDIUM 7.8 HIGH
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-39365 2 Debian, Gnome 2 Debian Linux, Grilo 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39361 1 Gnome 1 Evolution-rss 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In GNOME evolution-rss through 0.3.96, network-soup.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39360 2 Fedoraproject, Gnome 2 Fedora, Libzapojit 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In GNOME libzapojit through 0.0.3, zpj-skydrive.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
CVE-2021-39359 2 Fedoraproject, Gnome 2 Fedora, Libgda 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
In GNOME libgda through 6.0.0, gda-web-provider.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.