CWE:
 

Topic
Date
Author
Med.
Magento 1.9.x Multiple Man-In The Middle
20.01.2016
Maksymilian Arciemowic...
Med.
phpMyAdmin 4.4.6 Man-In-the-Middle to API Github
14.05.2015
Maksymilian Arciemowic...
Low
PicsArt Photo Studio For Android Insecure Management
07.11.2014
Fundacion Dr. Manuel S...


CVEMAP Search Results

CVE
Details
Description
2019-04-18
Medium
CVE-2019-11324

Vendor: Urllib3 project
Software: Urllib3
 

 
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

 
2019-04-03
Medium
CVE-2018-4436

Vendor: Apple
Software: Iphone os
 

 
A certificate validation issue existed in configuration profiles. This was addressed with additional checks. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2.

 
2019-03-27
Medium
CVE-2019-1748

Vendor: Cisco
Software: IOS
 

 
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the affected software insufficiently validates certificates. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt and modify confidential information on user connections to the affected software.

 
Medium
CVE-2018-5926

Vendor: HP
Software: Remote graph...
 

 
A potential vulnerability has been identified in HP Remote Graphics Software?s certificate authentication process version 7.5.0 and earlier.

 
Medium
CVE-2019-3814

Vendor: Dovecot
Software: Dovecot
 

 
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.

 
2019-03-25
Medium
CVE-2019-3841

Updating...
 

 
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content.

 
2019-03-21
Medium
CVE-2019-8351

Vendor: Heimdalsecurity
Software: THOR
 

 
Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
Low
CVE-2019-6702

Updating...
 

 
The MasterCard Qkr! app before 5.0.8 for iOS has Missing SSL Certificate Validation. NOTE: this CVE only applies to obsolete versions from 2016 or earlier.

 
Medium
CVE-2019-5729

Updating...
 

 
Splunk-SDK-Python before 1.6.6 does not properly verify untrusted TLS server certificates, which could result in man-in-the-middle attacks.

 
Medium
CVE-2018-11747

Updating...
 

 
Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top