CWE:
 

| Risk | Title | Date | Author |
|------|-------|------|--------|
| Med. | Fortinet FortiSIEM 5.0 / 5.2.1 Improper Certification Validation | 02.10.2019 | Andrew Klaus |
| Med. | Magento 1.9.x Multiple Man-In The Middle | 20.01.2016 | Maksymilian Arciemowic... |
| Med. | phpMyAdmin 4.4.6 Man-In-the-Middle to API Github | 14.05.2015 | Maksymilian Arciemowic... |
| Low | PicsArt Photo Studio For Android Insecure Management | 07.11.2014 | Fundacion Dr. Manuel S... |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-05-28
Medium
CVE-2020-13645

Vendor: Gnome
Software: Balsa
 

 
In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.

 
Low
CVE-2020-13245

 

 
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.

 
2020-05-26
Low
CVE-2020-13616

Vendor: Pichi project
Software: Pichi
 

 
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.

 
Low
CVE-2020-13615

Vendor: QORE
Software: QORE
 

 
lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.

 
Low
CVE-2020-13614

Vendor: Axel project
Software: AXEL
 

 
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.

 
2020-05-25
Medium
CVE-2020-13482

Vendor: Em-http-request project
Software: Em-http-request
 

 
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

 
2020-05-21
High
CVE-2020-1113

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'.

 
2020-05-19
Medium
CVE-2020-13163

Vendor: Em-imap project
Software: Em-imap
 

 
em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

 
2020-05-15
Low
CVE-2020-1758

Vendor: Redhat
Software: Keycloak
 

 
A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

 
2020-05-12
Medium
CVE-2020-8156

Vendor: Nextcloud
Software: Nextcloud mail
 

 
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.

 

 


Copyright 2020, cxsecurity.com

 
