Total: 1086 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-1052 | 1 Hashicorp | 1 Boundary | 2024-08-01 | 8 High |
Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application. | ||||
CVE-2024-0853 | 1 Haxx | 1 Curl | 2024-08-01 | 5.3 Medium |
curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check. | ||||
CVE-2024-0042 | | | 2024-08-01 | 5.6 Medium |
In TBD of TBD, there is a possible confusion of OEM and DRM certificates due to improperly used crypto. This could lead to local bypass of DRM content protection with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
CVE-2021-3601 | | | 2023-11-07 | 3.3 Low |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. OpenSSL does not class this issue as a security vulnerability. The trusted CA store should not contain anything that the user does not trust to issue other certificates. Notes: https://github.com/openssl/openssl/issues/5236#issuecomment-119646061 | ||||
CVE-2018-3630 | | | 2023-11-07 | N/A |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | ||||
CVE-2021-25635 | 1 Redhat | 1 Enterprise Linux | 2021-10-11 | 6.3 Medium |
A flaw was found in LibreOffice, where it improperly validated signatures for algorithms that were not verified. This flaw leads to LibreOffice presenting a valid signature when the validity of the signature was not verified. The highest threat from this vulnerability is to confidentiality and integrity. | ||||