Total
1090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20455 | 1 Globalpayments | 1 Php Sdk | 2024-08-05 | 5.9 Medium |
| Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations. | ||||
| CVE-2019-19270 | 2 Fedoraproject, Proftpd | 2 Fedora, Proftpd | 2024-08-05 | 7.5 High |
| An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | ||||
| CVE-2019-19271 | 1 Proftpd | 1 Proftpd | 2024-08-05 | 7.5 High |
| An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. A wrong iteration variable, used when checking a client certificate against CRL entries (installed by a system administrator), can cause some CRL entries to be ignored, and can allow clients whose certificates have been revoked to proceed with a connection to the server. | ||||
| CVE-2019-19101 | 1 Br-automation | 1 Automation Studio | 2024-08-05 | 6.5 Medium |
| A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server. | ||||
| CVE-2019-18826 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2024-08-05 | 9.8 Critical |
| Barco ClickShare Button R9861500D01 devices before 1.9.0 have Improper Following of a Certificate's Chain of Trust. The embedded 'dongle_bridge' program used to expose the functionalities of the ClickShare Button to a USB host, does not properly validate the whole certificate chain. | ||||
| CVE-2019-18847 | 1 Akamai | 1 Enterprise Application Access | 2024-08-05 | 9.8 Critical |
| Enterprise Access Client Auto-Updater allows for Remote Code Execution prior to version 2.0.1. | ||||
| CVE-2019-18633 | 1 Europa | 1 Eidas-node Integration Package | 2024-08-05 | 9.8 Critical |
| European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected. | ||||
| CVE-2019-18632 | 1 Europa | 1 Eidas-node Integration Package | 2024-08-05 | 9.8 Critical |
| European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate. | ||||
| CVE-2019-17596 | 6 Arista, Debian, Fedoraproject and 3 more | 13 Cloudvision Portal, Eos, Mos and 10 more | 2024-08-05 | 7.5 High |
| Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | ||||
| CVE-2019-17560 | 2 Apache, Oracle | 2 Netbeans, Graalvm | 2024-08-05 | 9.1 Critical |
| The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. | ||||
| CVE-2019-17134 | 3 Canonical, Opendev, Redhat | 3 Ubuntu Linux, Octavia, Openstack | 2024-08-05 | 9.1 Critical |
| Amphora Images in OpenStack Octavia >=0.10.0 <2.1.2, >=3.0.0 <3.2.0, >=4.0.0 <4.1.0 allows anyone with access to the management network to bypass client-certificate based authentication and retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443, because the cmd/agent.py gunicorn cert_reqs option is True but is supposed to be ssl.CERT_REQUIRED. | ||||
| CVE-2019-17007 | 3 Mozilla, Redhat, Siemens | 19 Network Security Services, Enterprise Linux, Rhel Eus and 16 more | 2024-08-05 | 7.5 High |
| In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | ||||
| CVE-2019-16561 | 1 Jenkins | 1 Websphere Deployer | 2024-08-05 | 7.1 High |
| Jenkins WebSphere Deployer Plugin 1.6.1 and earlier allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. | ||||
| CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2024-08-05 | 8.2 High |
| Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | ||||
| CVE-2019-16252 | 1 Nutfind | 1 Nutfind | 2024-08-05 | 5.9 Medium |
| Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. | ||||
| CVE-2019-16281 | 1 Ptarmigan Project | 1 Ptarmigan | 2024-08-05 | 7.5 High |
| Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block. | ||||
| CVE-2019-16209 | 1 Broadcom | 1 Brocade Sannav | 2024-08-05 | 7.4 High |
| A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections. | ||||
| CVE-2019-16263 | 1 Twitter | 1 Twitter Kit | 2024-08-05 | 7.4 High |
| The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product. | ||||
| CVE-2019-16179 | 1 Limesurvey | 1 Limesurvey | 2024-08-05 | 5.3 Medium |
| Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration. | ||||
| CVE-2019-15604 | 5 Debian, Nodejs, Opensuse and 2 more | 12 Debian Linux, Node.js, Leap and 9 more | 2024-08-05 | 7.5 High |
| Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate | ||||