CWE:
 

Risk | Topic | Date | Author
Med. | Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation | 02.10.2019 | Andrew Klaus
Med. | Magento 1.9.x Multiple Man-In The Middle | 20.01.2016 | Maksymilian Arciemowic...
Med. | phpMyAdmin 4.4.6 Man-In-the-Middle to API Github | 14.05.2015 | Maksymilian Arciemowic...
Low | PicsArt Photo Studio For Android Insecure Management | 07.11.2014 | Fundacion Dr. Manuel S...


CVEMAP Search Results

CVE
Details
Description
2019-10-07
Medium
CVE-2019-16263

Vendor: Twitter
Software: Twitter kit
 

 
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product.

 
2019-10-01
Medium
CVE-2019-15042

Vendor: Jetbrains
Software: Teamcity
 

 
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.

 
2019-09-11
Low
CVE-2019-1231

Vendor: Microsoft
Software: Project rome
 

 
An information disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation, aka 'Rome SDK Information Disclosure Vulnerability'.

 
2019-09-10
Medium
CVE-2019-11497

Vendor: Couchbase
Software: Couchbase server
 

 
In Couchbase Server 5.0.0, when an invalid Remote Cluster Certificate was entered as part of the reference creation, XDCR did not parse and check the certificate signature. It then accepted the invalid certificate and attempted to use it to establish future connections to the remote cluster. This has been fixed in version 5.5.0. XDCR now checks the validity of the certificate thoroughly and prevents a remote cluster reference from being created with an invalid certificate.

 
2019-09-09
Medium
CVE-2019-16179

Vendor: Limesurvey
Software: Limesurvey
 

 
Limesurvey before 3.17.14 does not enforce SSL/TLS usage in the default configuration.

 
2019-09-08
Medium
CVE-2016-10937

Vendor: Imapfilter project
Software: Imapfilter
 

 
IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate.

 
2019-09-03
Medium
CVE-2019-3751

Vendor: DELL
Software: Emc enterpri...
 

 
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim's data in transit.

 
2019-08-26
Medium
CVE-2017-18588

 

 
An issue was discovered in the security-framework crate before 0.1.12 for Rust. Hostname verification for certificates does not occur if ClientBuilder uses custom root certificates.

 
Medium
CVE-2016-10931

Vendor: Openssl project
Software: Openssl
 

 
An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification.

 
2019-08-23
Medium
CVE-2019-15525

 

 
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.

 

 


Copyright 2019, cxsecurity.com

 
