Total
1090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10446 | 1 Jenkins | 1 Cadence Vmanager | 2024-08-04 | 8.2 High |
| Jenkins Cadence vManager Plugin 2.7.0 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | ||||
| CVE-2019-10444 | 1 Jenkins | 1 Bumblebee Hp Alm | 2024-08-04 | 6.5 Medium |
| Jenkins Bumblebee HP ALM Plugin 4.1.3 and earlier unconditionally disabled SSL/TLS and hostname verification for connections to HP ALM. | ||||
| CVE-2019-10382 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2024-08-04 | 6.5 Medium |
| Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | ||||
| CVE-2019-10381 | 1 Jenkins | 1 Codefresh Integration | 2024-08-04 | 7.5 High |
| Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | ||||
| CVE-2019-10317 | 1 Jenkins | 1 Sitemonitor | 2024-08-04 | N/A |
| Jenkins SiteMonitor Plugin 0.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM. | ||||
| CVE-2019-10334 | 1 Jenkins | 1 Electricflow | 2024-08-04 | N/A |
| Jenkins ElectricFlow Plugin 1.1.5 and earlier disabled SSL/TLS and hostname verification globally for the Jenkins master JVM when MultipartUtility.java is used to upload files. | ||||
| CVE-2019-10314 | 1 Jenkins | 1 Koji | 2024-08-04 | N/A |
| Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | ||||
| CVE-2019-10091 | 1 Apache | 1 Geode | 2024-08-04 | 7.4 High |
| When TLS is enabled with ssl-endpoint-identification-enabled set to true, Apache Geode fails to perform hostname verification of the entries in the certificate SAN during the SSL handshake. This could compromise intra-cluster communication using a man-in-the-middle attack. | ||||
| CVE-2019-9148 | 1 Mailvelope | 1 Mailvelope | 2024-08-04 | 4.3 Medium |
| Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Keys that are obviously invalid are not rejected during import. An attacker that is able to get a victim to import a manipulated key could claim to have signed a message that originates from another person. | ||||
| CVE-2019-8642 | 1 Apple | 1 Mac Os X | 2024-08-04 | 3.3 Low |
| An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. | ||||
| CVE-2019-8531 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-08-04 | 9.8 Critical |
| A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. | ||||
| CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2024-08-04 | N/A |
| Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2019-8337 | 1 Marlam | 2 Mpop, Msmtp | 2024-08-04 | N/A |
| In msmtp 1.8.2 and mpop 1.4.3, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. | ||||
| CVE-2019-7728 | 1 Bosch | 1 Smart Camera | 2024-08-04 | N/A |
| An issue was discovered in the Bosch Smart Camera App before 1.3.1 for Android. Due to improperly implemented TLS certificate checks, a malicious actor could potentially succeed in executing a man-in-the-middle attack for some connections. (The Bosch Smart Home App is not affected. iOS Apps are not affected.) | ||||
| CVE-2019-7615 | 1 Elastic | 1 Apm-agent-ruby | 2024-08-04 | 7.4 High |
| A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent. | ||||
| CVE-2019-6687 | 1 F5 | 1 Big-ip Application Security Manager | 2024-08-04 | 7.4 High |
| On versions 15.0.0-15.0.1.1, the BIG-IP ASM Cloud Security Services profile uses a built-in verification mechanism that fails to properly authenticate the X.509 certificate of remote endpoints. | ||||
| CVE-2019-6702 | 1 Mastercard | 1 Qkr\! With Masterpass | 2024-08-04 | N/A |
| The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier. | ||||
| CVE-2019-6266 | 1 Cordaware | 1 Bestinformed | 2024-08-04 | N/A |
| Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext. | ||||
| CVE-2019-6032 | 1 Ntv | 1 News 24 | 2024-08-04 | 7.4 High |
| The NTV News24 prior to Ver.3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2019-5961 | 1 Mastodon-tootdon | 1 Tootdon For Mastodon | 2024-08-04 | N/A |
| The Android App 'Tootdon for Mastodon' version 3.4.1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||