CWE:
 

Topic
Date
Author
Med.
Magento 1.9.x Multiple Man-In The Middle
20.01.2016
Maksymilian Arciemowic...
Med.
phpMyAdmin 4.4.6 Man-In-the-Middle to API Github
14.05.2015
Maksymilian Arciemowic...
Low
PicsArt Photo Studio For Android Insecure Management
07.11.2014
Fundacion Dr. Manuel S...


CVEMAP Search Results

CVE
Details
Description
2019-08-13
Medium
CVE-2019-14516

Vendor: Uidai
Software: Maadhaar
 

 
The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.

 
2019-08-07
Medium
CVE-2019-10382

Vendor: Jenkins
Software: Vmware lab m...
 

 
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

 
Low
CVE-2019-10381

Vendor: Jenkins
Software: Codefresh in...
 

 
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.

 
2019-08-05
Low
CVE-2017-18479

Vendor: Cpanel
Software: Cpanel
 

 
In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).

 
2019-08-01
Medium
CVE-2019-3890

Vendor: Gnome
Software: Evolution-ews
 

 
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference.

 
Low
CVE-2019-14334

Vendor: Dlink
Software: 6600-ap firmware
 

 
An issue was discovered on D-Link 6600-AP, DWL-3600AP, and DWL-8610AP Ax 4.2.0.14 21/03/2019 devices. There is post-authenticated Certificate and RSA Private Key extraction through an insecure sslcert-get.cgi HTTP command.

 
2019-07-30
Medium
CVE-2019-7615

Vendor: Elastic
Software: Apm-agent-ruby
 

 
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned by the APM server. This could result in a man in the middle style attack against the Ruby agent.

 
Low
CVE-2019-1552

Vendor: Openssl
Software: Openssl
 

 
OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc. For OpenSSL 1.0.2, '/usr/local/ssl' is used as default for OPENSSLDIR on all Unix and Windows targets, including Visual C builds. However, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix. OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue. Due to the limited scope of affected deployments this has been assessed as low severity and therefore we are not creating new releases at this time. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

 
2019-07-23
Medium
CVE-2019-11727

Vendor: Mozilla
Software: Firefox
 

 
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68.

 
Low
CVE-2019-1010206

Vendor: Http-request project
Software: Http request
 

 
OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing.

 

 


Copyright 2019, cxsecurity.com

 

Back to Top