Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-5466 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | |||||
| CVE-2018-5464 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | |||||
| CVE-2018-5462 | 1 Philips | 1 Intellispace Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information. | |||||
| CVE-2018-5408 | 1 Printerlogic | 1 Print Management | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. | |||||
| CVE-2018-5258 | 1 Banconeon | 1 Neon | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2018-4991 | 1 Adobe | 1 Creative Cloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass. | |||||
| CVE-2018-4849 | 1 Siemens | 1 Siveillance Vms Video | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A vulnerability has been identified in Siveillance VMS Video for Android (All versions < V12.1a (2018 R1)), Siveillance VMS Video for iOS (All versions < V12.1a (2018 R1)). Improper certificate validation could allow an attacker in a privileged network position to read data from and write data to the encrypted communication channel between the app and a server. The security vulnerability could be exploited by an attacker in a privileged network position which allows intercepting the communication channel between the affected app and a server (such as Man-in-the-Middle). Furthermore, an attacker must be able to generate a certificate that results for the validation algorithm in a checksum identical to a trusted certificate. Successful exploitation requires no user interaction. The vulnerability could allow reading data from and writing data to the encrypted communication channel between the app and a server, impacting the communication's confidentiality and integrity. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | |||||
| CVE-2018-4436 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2. | |||||
| CVE-2018-4086 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints. | |||||
| CVE-2018-4015 | 1 Webroot | 1 Brightcloud | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability. | |||||
| CVE-2018-3927 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to the exposure of sensitive data. An attacker can impersonate the remote backtrace.io server in order to trigger this vulnerability. | |||||
| CVE-2018-2460 | 1 Sap | 1 Business One | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. | |||||
| CVE-2018-21029 | 2 Fedoraproject, Systemd Project | 2 Fedora, Systemd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| systemd 239 through 245 accepts any certificate signed by a trusted certificate authority for DNS Over TLS. Server Name Indication (SNI) is not sent, and there is no hostname validation with the GnuTLS backend. NOTE: This has been disputed by the developer as not a vulnerability since hostname validation does not have anything to do with this issue (i.e. there is no hostname to be sent) | |||||
| CVE-2018-20245 | 1 Apache | 1 Airflow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was misconfigured and contained improper checking of exceptions which disabled server certificate checking. | |||||
| CVE-2018-20200 | 1 Squareup | 1 Okhttp | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This id is disputed because some parties don't consider this is a vulnerability. Their rationale can be found in https://github.com/square/okhttp/issues/4967 | |||||
| CVE-2018-20135 | 1 Samsung | 1 Galaxy Apps | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071. | |||||
| CVE-2018-1543 | 1 Ibm | 1 Websphere Mq | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM WebSphere MQ 8.0 and 9.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the SSL certificate. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 142598. | |||||
| CVE-2018-1509 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
| IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417. | |||||
| CVE-2018-1320 | 4 Apache, Debian, F5 and 1 more | 5 Thrift, Debian Linux, Traffix Signaling Delivery Controller and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. | |||||
| CVE-2018-1153 | 1 Portswigger | 1 Burp Suite | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. | |||||