Total
1247 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0264 | 1 Redhat | 1 Mrg Management Console | 2024-11-21 | 7.5 High |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | ||||
| CVE-2012-6709 | 2 Elinks, Twibright | 2 Elinks, Links | 2024-11-21 | N/A |
| ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | ||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-11-21 | 7.5 High |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | ||||
| CVE-2012-5518 | 1 Ovirt | 1 Vdsm | 2024-11-21 | 7.5 High |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | ||||
| CVE-2012-1316 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 5.9 Medium |
| Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | ||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 5.5 Medium |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | ||||
| CVE-2012-0955 | 1 Canonical | 1 Software-properties | 2024-11-21 | 6.8 Medium |
| software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | ||||
| CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | ||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | ||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 9.8 Critical |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | ||||
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 5.9 Medium |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | ||||
| CVE-2010-4237 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.9 Medium |
| Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. | ||||
| CVE-2009-4123 | 1 Jruby | 1 Jruby-openssl | 2024-11-21 | 7.5 High |
| The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | ||||
| CVE-2009-3552 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization Manager | 2024-11-21 | 3.1 Low |
| In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | ||||
| CVE-2007-5967 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | ||||
| CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2024-11-21 | 6.8 Medium |
| NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | ||||
| CVE-2024-51774 | 1 Qbittorrent | 1 Qbittorrent | 2024-11-06 | 8.1 High |
| qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors. | ||||
| CVE-2024-30149 | 2024-11-01 | 4.8 Medium | ||
| HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. | ||||
| CVE-2024-31955 | 2024-10-30 | 4.9 Medium | ||
| An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information. | ||||
| CVE-2024-39771 | 1 Safie | 4 Qbic Cloud Cc-2\/2l, Qbic Cloud Cc-2\/2l Firmware, Safie One and 1 more | 2024-10-28 | 4.2 Medium |
| QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack. | ||||