Total
1170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | |||||
| CVE-2012-5518 | 1 Ovirt | 1 Vdsm | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | |||||
| CVE-2012-1316 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | |||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | |||||
| CVE-2012-0955 | 1 Canonical | 1 Software-properties | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM |
| software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | |||||
| CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | |||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | |||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | |||||
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | |||||
| CVE-2010-4237 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. | |||||
| CVE-2009-4123 | 1 Jruby | 1 Jruby-openssl | 2024-11-21 | N/A | 7.5 HIGH |
| The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | |||||
| CVE-2009-3552 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-11-21 | 2.9 LOW | 3.1 LOW |
| In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | |||||
| CVE-2007-5967 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | |||||
| CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2024-11-21 | 3.2 LOW | 6.8 MEDIUM |
| NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | |||||
| CVE-2024-5918 | 2024-11-15 | N/A | N/A | ||
| An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." | |||||
| CVE-2024-8285 | 1 Redhat | 1 Kroxylicious | 2024-11-13 | N/A | 5.9 MEDIUM |
| A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perform a Man-in-the-Middle attack or compromise any external systems, such as DNS or network routing configuration. This issue is considered a high complexity attack, with additional high privileges required, as the attack would need access to the Kroxylicious configuration or a peer system. The result of a successful attack impacts both data integrity and confidentiality. | |||||
| CVE-2024-49369 | 2024-11-13 | N/A | 9.8 CRITICAL | ||
| Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. | |||||
| CVE-2019-20461 | 2024-11-08 | N/A | 9.8 CRITICAL | ||
| An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side. | |||||
| CVE-2024-51774 | 1 Qbittorrent | 1 Qbittorrent | 2024-11-06 | N/A | 8.1 HIGH |
| qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. | |||||
| CVE-2024-30149 | 2024-11-01 | N/A | 4.8 MEDIUM | ||
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | |||||