Total
1090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-10405 | 1 Google | 1 Santa | 2024-08-05 | N/A |
| An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2018-10377 | 1 Portswigger | 1 Burp Suite | 2024-08-05 | N/A |
| PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | ||||
| CVE-2018-10403 | 1 F-secure | 1 Xfence | 2024-08-05 | N/A |
| An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2018-10406 | 1 Yelp | 1 Osxcollector | 2024-08-05 | N/A |
| An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2018-10404 | 1 Objective-see | 5 Knockknock, Lulu, Procinfo and 2 more | 2024-08-05 | N/A |
| An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2018-10408 | 1 Virustotal | 1 Virustotal | 2024-08-05 | N/A |
| An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | ||||
| CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2024-08-05 | N/A |
| An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). | ||||
| CVE-2018-9127 | 1 Botan Project | 1 Botan | 2024-08-05 | N/A |
| Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character. | ||||
| CVE-2018-8970 | 1 Openbsd | 1 Libressl | 2024-08-05 | N/A |
| The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. | ||||
| CVE-2018-8479 | 1 Microsoft | 2 C Software Development Kit, Java Software Development Kit | 2024-08-05 | N/A |
| A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | ||||
| CVE-2018-8356 | 1 Microsoft | 13 .net Core, .net Framework, .net Framework Developer Pack and 10 more | 2024-08-05 | N/A |
| A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. | ||||
| CVE-2018-8119 | 1 Microsoft | 3 C Software Development Kit, Csharp Software Development Kit, Java Software Development Kit | 2024-08-05 | N/A |
| A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK. | ||||
| CVE-2018-6827 | 1 Omninova | 2 Vobot, Vobot Firmware | 2024-08-05 | N/A |
| VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a hardcoded --no-check-certificate Wget option. | ||||
| CVE-2018-6517 | 1 Puppet | 1 Chloride | 2024-08-05 | N/A |
| Prior to version 0.3.0, chloride's use of net-ssh resulted in host fingerprints for previously unknown hosts getting added to the user's known_hosts file without confirmation. In version 0.3.0 this is updated so that the user's known_hosts file is not updated by chloride. | ||||
| CVE-2018-6374 | 1 Pulsesecure | 1 Desktop Linux Client | 2024-08-05 | N/A |
| The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set. | ||||
| CVE-2018-6221 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-08-05 | N/A |
| An unvalidated software update vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow a man-in-the-middle attacker to tamper with an update file and inject their own. | ||||
| CVE-2018-6219 | 1 Trendmicro | 1 Email Encryption Gateway | 2024-08-05 | N/A |
| An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data. | ||||
| CVE-2018-5926 | 1 Hp | 1 Remote Graphics Software | 2024-08-05 | N/A |
| A potential vulnerability has been identified in HP Remote Graphics Software’s certificate authentication process version 7.5.0 and earlier. | ||||
| CVE-2018-5761 | 1 Rubrik | 1 Cdm | 2024-08-05 | N/A |
| A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter. | ||||
| CVE-2018-5408 | 1 Printerlogic | 1 Print Management | 2024-08-05 | N/A |
| The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. | ||||