Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | |||||
| CVE-2020-7904 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | |||||
| CVE-2020-7043 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | |||||
| CVE-2020-7042 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | |||||
| CVE-2020-7041 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. | |||||
| CVE-2020-6781 | 1 Bosch | 1 Smart Home | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack. | |||||
| CVE-2020-6529 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6175 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | |||||
| CVE-2020-5913 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. | |||||
| CVE-2020-5909 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. | |||||
| CVE-2020-5864 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | |||||
| CVE-2020-5812 | 1 Tenable | 1 Nessus Amazon Machine Image | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | |||||
| CVE-2020-5684 | 1 Nec | 5 Ism Server, M120, M12e and 2 more | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. | |||||
| CVE-2020-5526 | 1 Fujixerox | 1 Apeosware Management Suite | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-5523 | 9 77bank, Ashikagabank, Hokkaidobank and 6 more | 9 77 Bank, Ashigin, Dogin and 6 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-5522 | 1 Fujixerox | 1 Easy Netprint | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-5521 | 1 Fujixerox | 1 Easy Netprint | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-5520 | 1 Fujixerox | 1 Netprint | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2020-5367 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2024-11-21 | 6.8 MEDIUM | 7.4 HIGH |
| Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit. | |||||
| CVE-2020-4791 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 1.8 LOW | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379. | |||||