Total
1113 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2993 | 1 Microsoft | 2 Windows Phone 7, Windows Phone 7 Firmware | 2024-11-21 | 5.9 Medium |
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate. | ||||
CVE-2012-1316 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 5.9 Medium |
Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | ||||
CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 5.5 Medium |
NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | ||||
CVE-2012-0955 | 1 Canonical | 1 Software-properties | 2024-11-21 | 6.8 Medium |
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | ||||
CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2024-11-21 | N/A |
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | ||||
CVE-2012-0861 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization Manager, Rhev Manager | 2024-11-21 | N/A |
The vds_installer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, uses the -k curl parameter when downloading deployUtil.py and vds_bootstrap.py, which prevents SSL certificates from being validated and allows remote attackers to execute arbitrary Python code via a man-in-the-middle attack. | ||||
CVE-2011-3061 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Google Chrome before 18.0.1025.142 does not properly check X.509 certificates before use of a SPDY proxy, which might allow man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate. | ||||
CVE-2011-3024 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate. | ||||
CVE-2011-2874 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
Google Chrome before 14.0.835.163 does not perform an expected pin operation for a self-signed certificate during a session, which has unspecified impact and remote attack vectors. | ||||
CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | ||||
CVE-2011-2207 | 3 Debian, Gnupg, Redhat | 3 Debian Linux, Gnupg, Enterprise Linux | 2024-11-21 | 5.3 Medium |
dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. | ||||
CVE-2011-0199 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 5.9 Medium |
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate. | ||||
CVE-2010-4685 | 1 Cisco | 1 Ios | 2024-11-21 | N/A |
Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a change to a certificate map, which allows remote authenticated users to bypass a certificate ban by connecting with a banned certificate that had previously been valid, aka Bug ID CSCta79031. | ||||
CVE-2010-4533 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 9.8 Critical |
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies. | ||||
CVE-2010-4532 | 2 Debian, Offlineimap | 2 Debian Linux, Offlineimap | 2024-11-21 | 5.9 Medium |
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks. | ||||
CVE-2010-4237 | 1 Mercurial | 1 Mercurial | 2024-11-21 | 5.9 Medium |
Mercurial before 1.6.4 fails to verify the Common Name field of SSL certificates which allows remote attackers who acquire a certificate signed by a Certificate Authority to perform a man-in-the-middle attack. | ||||
CVE-2010-1378 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-11-21 | 9.8 Critical |
OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | ||||
CVE-2009-5138 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-11-21 | N/A |
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | ||||
CVE-2009-4831 | 1 Cerulean Studios | 1 Trillian | 2024-11-21 | N/A |
Cerulean Studios Trillian 3.1 Basic does not check SSL certificates during MSN authentication, which allows remote attackers to obtain MSN credentials via a man-in-the-middle attack with a spoofed SSL certificate. | ||||
CVE-2009-4123 | 1 Jruby | 1 Jruby-openssl | 2024-11-21 | 7.5 High |
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. |