Total
821 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-15047 | 1 Trojita Project | 1 Trojita | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. | |||||
CVE-2017-18911 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server. | |||||
CVE-2017-18909 | 1 Mattermost | 1 Mattermost Server | 2020-06-25 | 4.3 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory. | |||||
CVE-2020-3342 | 1 Cisco | 1 Webex Meetings | 2020-06-24 | 9.3 HIGH | 8.8 HIGH |
A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user. | |||||
CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2020-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5902 | 1 Payquicker | 1 Mypayquicker | 2020-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-3212 | 1 Sccu | 1 Space Coast Credit Union | 2020-06-24 | 4.3 MEDIUM | 5.9 MEDIUM |
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-18918 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 4.0 MEDIUM | 4.9 MEDIUM |
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname. | |||||
CVE-2016-11076 | 1 Mattermost | 1 Mattermost Server | 2020-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. | |||||
CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2020-06-23 | 4.3 MEDIUM | 8.1 HIGH |
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||||
CVE-2020-4320 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Mq and 3 more | 2020-06-22 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403. | |||||
CVE-2019-16252 | 1 Nutfind | 1 Nutfind | 2020-06-22 | 4.3 MEDIUM | 5.9 MEDIUM |
Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. | |||||
CVE-2020-2033 | 1 Paloaltonetworks | 1 Globalprotect | 2020-06-16 | 2.9 LOW | 5.3 MEDIUM |
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled. | |||||
CVE-2020-0119 | 1 Google | 1 Android | 2020-06-15 | 5.4 MEDIUM | 5.3 MEDIUM |
In addOrUpdateNetworkInternal and related functions of WifiConfigManager.java, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150500247 | |||||
CVE-2020-9040 | 1 Couchbase | 1 Couchbase Server Java Sdk | 2020-06-11 | 5.0 MEDIUM | 7.5 HIGH |
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification. | |||||
CVE-2020-10059 | 1 Zephyrproject | 1 Zephyr | 2020-06-05 | 5.8 MEDIUM | 4.8 MEDIUM |
The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | |||||
CVE-2020-13616 | 1 Pichi Project | 1 Pichi | 2020-05-29 | 4.3 MEDIUM | 5.9 MEDIUM |
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. | |||||
CVE-2020-13245 | 1 Netgear | 28 R6120, R6120 Firmware, R6220 and 25 more | 2020-05-29 | 4.3 MEDIUM | 5.9 MEDIUM |
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. | |||||
CVE-2020-13615 | 1 Qore | 1 Qore | 2020-05-28 | 4.3 MEDIUM | 5.9 MEDIUM |
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. | |||||
CVE-2020-1758 | 1 Redhat | 2 Keycloak, Openstack | 2020-05-19 | 4.3 MEDIUM | 5.9 MEDIUM |
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. |