Total
1090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7043 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-08-04 | 9.1 Critical |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.example.com attack. | ||||
| CVE-2020-7041 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-08-04 | 5.3 Medium |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value. | ||||
| CVE-2020-7042 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-08-04 | 5.3 Medium |
| An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | ||||
| CVE-2020-6529 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-08-04 | 4.3 Medium |
| Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2020-6175 | 1 Citrix | 2 Citrix Sd-wan Center, Netscaler Sd-wan Center | 2024-08-04 | 5.9 Medium |
| Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation. | ||||
| CVE-2020-5913 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2024-08-04 | 7.4 High |
| In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections and may result in a man-in-the-middle attack on the connections. | ||||
| CVE-2020-5909 | 1 F5 | 1 Nginx Controller | 2024-08-04 | 5.4 Medium |
| In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. | ||||
| CVE-2020-5864 | 1 F5 | 1 Nginx Controller | 2024-08-04 | 7.4 High |
| In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | ||||
| CVE-2020-5812 | 1 Tenable | 1 Nessus Amazon Machine Image | 2024-08-04 | 5.9 Medium |
| Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | ||||
| CVE-2020-5684 | 1 Nec | 5 Ism Server, M120, M12e and 2 more | 2024-08-04 | 4.8 Medium |
| iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. | ||||
| CVE-2020-5522 | 1 Fujixerox | 1 Easy Netprint | 2024-08-04 | 7.4 High |
| The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5523 | 9 77bank, Ashikagabank, Hokkaidobank and 6 more | 9 77 Bank, Ashigin, Dogin and 6 more | 2024-08-04 | 7.4 High |
| Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5526 | 1 Fujixerox | 1 Apeosware Management Suite | 2024-08-04 | 5.9 Medium |
| The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5521 | 1 Fujixerox | 1 Easy Netprint | 2024-08-04 | 7.4 High |
| The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5520 | 1 Fujixerox | 1 Netprint | 2024-08-04 | 7.4 High |
| The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-3994 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-08-04 | 7.4 High |
| VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates. | ||||
| CVE-2020-3940 | 1 Vmware | 9 Workspace One Boxer, Workspace One Content, Workspace One Intelligent Hub and 6 more | 2024-08-04 | 5.9 Medium |
| VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. | ||||
| CVE-2020-2253 | 1 Jenkins | 1 Email Extension | 2024-08-04 | 4.8 Medium |
| Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | ||||
| CVE-2020-2252 | 2 Jenkins, Redhat | 2 Mailer, Openshift | 2024-08-04 | 4.8 Medium |
| Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server. | ||||
| CVE-2020-2187 | 1 Jenkins | 1 Amazon Ec2 | 2024-08-04 | 5.6 Medium |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | ||||