Total
1090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15525 | 1 Pw3270 Project | 1 Pw3270 | 2024-08-05 | N/A |
| There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1. | ||||
| CVE-2019-15042 | 1 Jetbrains | 1 Teamcity | 2024-08-05 | 7.5 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. | ||||
| CVE-2019-14910 | 1 Redhat | 1 Keycloak | 2024-08-05 | 9.8 Critical |
| A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered. | ||||
| CVE-2019-14823 | 3 Jss Cryptomanager Project, Linux, Redhat | 10 Jss Cryptomanager, Linux Kernel, Enterprise Linux and 7 more | 2024-08-05 | 7.4 High |
| A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to attacks such as Man in the Middle. | ||||
| CVE-2019-14516 | 1 Uidai | 1 Maadhaar | 2024-08-05 | N/A |
| The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help. | ||||
| CVE-2019-14553 | 1 Tianocore | 1 Edk2 | 2024-08-05 | 4.9 Medium |
| Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | ||||
| CVE-2019-14334 | 1 Dlink | 6 6600-ap, 6600-ap Firmware, Dwl-3600ap and 3 more | 2024-08-05 | 5.5 Medium |
| An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command. | ||||
| CVE-2019-13050 | 6 F5, Fedoraproject, Gnupg and 3 more | 6 Traffix Signaling Delivery Controller, Fedora, Gnupg and 3 more | 2024-08-04 | 7.5 High |
| Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack. | ||||
| CVE-2019-12855 | 1 Twistedmatrix | 1 Twisted | 2024-08-04 | N/A |
| In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections. | ||||
| CVE-2019-12496 | 1 Hybridgroup | 1 Gobot | 2024-08-04 | 7.5 High |
| An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default. | ||||
| CVE-2019-12000 | 1 Hp | 1 Mse Msg Gw Application E-ltu | 2024-08-04 | 6.6 Medium |
| HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. Update to version 3.2 and update the HTTPS configuration as described in the HPE MSE Messaging Gateway Configuration and Operations Guide. | ||||
| CVE-2019-11727 | 2 Mozilla, Redhat | 3 Firefox, Enterprise Linux, Openshift Do | 2024-08-04 | N/A |
| A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11688 | 1 Asustor | 1 Exfat Driver | 2024-08-04 | 7.4 High |
| An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl accept any certificate for asustornasapi.asustor.com. In other words, there is Missing SSL Certificate Validation. | ||||
| CVE-2019-11674 | 1 Microfocus | 1 Netiq Self Service Password Reset | 2024-08-04 | 5.9 Medium |
| Man-in-the-middle vulnerability in Micro Focus Self Service Password Reset, affecting all versions prior to 4.4.0.4. The vulnerability could exploit invalid certificate validation and may result in a man-in-the-middle attack. | ||||
| CVE-2019-11554 | 1 Amazon | 1 Audible | 2024-08-04 | 5.9 Medium |
| The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. | ||||
| CVE-2019-11550 | 1 Citrix | 2 Netscaler Sd-wan, Sd-wan | 2024-08-04 | N/A |
| Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | ||||
| CVE-2019-11497 | 1 Couchbase | 1 Couchbase Server | 2024-08-04 | 7.5 High |
| In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate. | ||||
| CVE-2019-11324 | 3 Canonical, Python, Redhat | 4 Ubuntu Linux, Urllib3, Enterprise Linux and 1 more | 2024-08-04 | N/A |
| The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | ||||
| CVE-2019-11242 | 1 Cohesity | 1 Dataplatform | 2024-08-04 | N/A |
| A man-in-the-middle vulnerability related to vCenter access was found in Cohesity DataPlatform version 5.x and 6.x prior to 6.1.1c. Cohesity clusters did not verify TLS certificates presented by vCenter. This vulnerability could expose Cohesity user credentials configured to access vCenter. | ||||
| CVE-2019-10914 | 1 Matrixssl | 1 Matrixssl | 2024-08-04 | N/A |
| pubRsaDecryptSignedElementExt in MatrixSSL 4.0.1 Open, as used in Inside Secure TLS Toolkit, has a stack-based buffer overflow during X.509 certificate verification because of missing validation in psRsaDecryptPubExt in crypto/pubkey/rsa_pub.c. | ||||