| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| duplicity 0.6.24 has improper verification of SSL certificates |
| The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. |
| wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. |
| wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. |
| ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. |
| In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. |
| Cache Poisoning issue exists in DNS Response Rate Limiting. |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. |
| Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. |
| ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) |
| Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. |
| software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn't check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. |
| Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. |
| dirmngr before 2.1.0 improperly handles certain system calls, which allows remote attackers to cause a denial of service (DOS) via a specially-crafted certificate. |
