Total
1214 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0104 | 1 Clusterlabs | 1 Fence-agents | 2024-11-21 | 5.9 Medium |
| In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | ||||
| CVE-2013-7201 | 1 Paypal | 1 Paypal | 2024-11-21 | N/A |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | ||||
| CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2024-11-21 | 5.9 Medium |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | ||||
| CVE-2013-0264 | 1 Redhat | 1 Mrg Management Console | 2024-11-21 | 7.5 High |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | ||||
| CVE-2012-6709 | 2 Elinks, Twibright | 2 Elinks, Links | 2024-11-21 | N/A |
| ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | ||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-11-21 | 7.5 High |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | ||||
| CVE-2012-5518 | 1 Ovirt | 1 Vdsm | 2024-11-21 | 7.5 High |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | ||||
| CVE-2012-1316 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 5.9 Medium |
| Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | ||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 5.5 Medium |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | ||||
| CVE-2012-0955 | 1 Canonical | 1 Software-properties | 2024-11-21 | 6.8 Medium |
| software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | ||||
| CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | ||||
| CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.3 Medium |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | ||||
| CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 9.8 Critical |
| offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | ||||
| CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 5.9 Medium |
| offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | ||||
| CVE-2010-4237 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.9 Medium |
| Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. | ||||
| CVE-2009-4123 | 1 Jruby | 1 Jruby-openssl | 2024-11-21 | 7.5 High |
| The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | ||||
| CVE-2009-3552 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization Manager | 2024-11-21 | 3.1 Low |
| In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | ||||
| CVE-2007-5967 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
| A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. | ||||
| CVE-2006-7246 | 3 Gnome, Opensuse, Suse | 4 Networkmanager, Opensuse, Linux Enterprise Desktop and 1 more | 2024-11-21 | 6.8 Medium |
| NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | ||||
| CVE-2024-5918 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-15 | N/A |
| An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate." | ||||