Filtered by CWE-295
Total 1113 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-2993 1 Microsoft 2 Windows Phone 7, Windows Phone 7 Firmware 2024-11-21 5.9 Medium
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
CVE-2012-1316 1 Cisco 1 Ironport Web Security Appliance 2024-11-21 5.9 Medium
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks
CVE-2012-1096 2 Debian, Gnome 2 Debian Linux, Networkmanager 2024-11-21 5.5 Medium
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection.
CVE-2012-0955 1 Canonical 1 Software-properties 2024-11-21 6.8 Medium
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92.
CVE-2012-0867 4 Debian, Opensuse Project, Postgresql and 1 more 11 Debian Linux, Opensuse, Postgresql and 8 more 2024-11-21 N/A
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters.
CVE-2012-0861 1 Redhat 3 Enterprise Linux, Enterprise Virtualization Manager, Rhev Manager 2024-11-21 N/A
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack.
CVE-2011-3061 1 Google 1 Chrome 2024-11-21 N/A
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.
CVE-2011-3024 1 Google 1 Chrome 2024-11-21 N/A
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.
CVE-2011-2874 1 Google 1 Chrome 2024-11-21 N/A
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors.
CVE-2011-2669 1 Mozilla 1 Firefox 2024-11-21 6.5 Medium
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates.
CVE-2011-2207 3 Debian, Gnupg, Redhat 3 Debian Linux, Gnupg, Enterprise Linux 2024-11-21 5.3 Medium
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate.
CVE-2011-0199 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 5.9 Medium
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
CVE-2010-4685 1 Cisco 1 Ios 2024-11-21 N/A
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031.
CVE-2010-4533 2 Debian, Offlineimap 2 Debian Linux, Offlineimap 2024-11-21 9.8 Critical
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVE-2010-4532 2 Debian, Offlineimap 2 Debian Linux, Offlineimap 2024-11-21 5.9 Medium
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.
CVE-2010-4237 1 Mercurial 1 Mercurial 2024-11-21 5.9 Medium
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack.
CVE-2010-1378 1 Apple 2 Mac Os X, Mac Os X Server 2024-11-21 9.8 Critical
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.
CVE-2009-5138 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2024-11-21 N/A
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959.
CVE-2009-4831 1 Cerulean Studios 1 Trillian 2024-11-21 N/A
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate.
CVE-2009-4123 1 Jruby 1 Jruby-openssl 2024-11-21 7.5 High
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.