Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12144 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-11-21 | 4.0 MEDIUM | 6.0 MEDIUM |
| The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. | |||||
| CVE-2020-12143 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-11-21 | 4.0 MEDIUM | 6.0 MEDIUM |
| The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | |||||
| CVE-2020-11806 | 1 Mailstore | 1 Mailstore Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. | |||||
| CVE-2020-11792 | 1 Netgear | 8 R8900, R8900 Firmware, R9000 and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | |||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | |||||
| CVE-2020-11580 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, accepts an arbitrary SSL certificate. | |||||
| CVE-2020-11050 | 1 Java-websocket Project | 1 Java-websocket | 2024-11-21 | 6.8 MEDIUM | 9.0 CRITICAL |
| In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0. | |||||
| CVE-2020-10925 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647. | |||||
| CVE-2020-10659 | 2 Entrustdatacard, Microsoft | 2 Entelligence Security Provider, Windows | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | |||||
| CVE-2020-10059 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | |||||
| CVE-2020-0119 | 1 Google | 1 Android | 2024-11-21 | 5.4 MEDIUM | 5.3 MEDIUM |
| In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247 | |||||
| CVE-2019-9148 | 1 Mailvelope | 1 Mailvelope | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person. | |||||
| CVE-2019-8642 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | |||||
| CVE-2019-8531 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. | |||||
| CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2019-8337 | 1 Marlam | 2 Mpop, Msmtp | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | |||||
| CVE-2019-7728 | 1 Bosch | 1 Smart Camera | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | |||||
| CVE-2019-7615 | 1 Elastic | 1 Apm-agent-ruby | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent. | |||||
| CVE-2019-6702 | 1 Mastercard | 1 Qkr\! With Masterpass | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | |||||
| CVE-2019-6687 | 1 F5 | 1 Big-ip Application Security Manager | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | |||||