Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12608 | 1 Mobyproject | 1 Moby | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate. | |||||
| CVE-2018-12499 | 1 Motorola | 2 Mbp853, Mbp853 Firmware | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. | |||||
| CVE-2018-12461 | 1 Netiq | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | |||||
| CVE-2018-12257 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download. | |||||
| CVE-2018-12205 | 1 Intel | 5 Core I3, Core I5, Core I7 and 2 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access. | |||||
| CVE-2018-12087 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | |||||
| CVE-2018-11775 | 2 Apache, Oracle | 3 Activemq, Enterprise Repository, Flexcube Private Banking | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. | |||||
| CVE-2018-11751 | 1 Puppet | 1 Puppet Server | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. | |||||
| CVE-2018-11747 | 1 Puppet | 1 Discovery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | |||||
| CVE-2018-11712 | 1 Webkitgtk | 1 Webkitgtk\+ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. | |||||
| CVE-2018-10894 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. | |||||
| CVE-2018-10408 | 1 Virustotal | 1 Virustotal | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10406 | 1 Yelp | 1 Osxcollector | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10405 | 1 Google | 1 Santa | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10404 | 1 Objective-see | 5 Knockknock, Lulu, Procinfo and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10403 | 1 F-secure | 1 Xfence | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10377 | 1 Portswigger | 1 Burp Suite | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | |||||
| CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). | |||||
| CVE-2018-1000664 | 1 Dsub For Subsonic Project | 1 Dsub For Subsonic | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| daneren2005 DSub for Subsonic (Android client) version 5.4.1 contains a CWE-295: Improper Certificate Validation vulnerability in HTTPS Client that can result in Any non-CA signed server certificate, including self signed and expired, are accepted by the client. This attack appear to be exploitable via The victim connects to a server that's MITM/Proxied by an attacker. | |||||
| CVE-2018-1000605 | 1 Jenkins | 1 Collabnet | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. | |||||