Total
1232 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8642 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. | ||||
| CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2025-04-12 | 3.7 Low |
| Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | ||||
| CVE-2013-7397 | 2 Async-http-client Project, Redhat | 5 Async-http-client, Jboss Bpms, Jboss Brms and 2 more | 2025-04-12 | N/A |
| Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-the-middle attackers to spoof HTTPS servers by presenting an arbitrary certificate during use of a typical AHC configuration, as demonstrated by a configuration that does not send client certificates. | ||||
| CVE-2016-7141 | 3 Haxx, Opensuse, Redhat | 5 Libcurl, Leap, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | ||||
| CVE-2016-2113 | 3 Canonical, Redhat, Samba | 7 Ubuntu Linux, Enterprise Linux, Rhel Aus and 4 more | 2025-04-12 | N/A |
| Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-5420 | 4 Debian, Haxx, Opensuse and 1 more | 6 Debian Linux, Libcurl, Leap and 3 more | 2025-04-12 | N/A |
| curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | ||||
| CVE-2015-4094 | 1 Thycotic | 1 Secret Server | 2025-04-12 | N/A |
| The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-3522 | 4 Apache, Apple, Canonical and 1 more | 4 Subversion, Xcode, Ubuntu Linux and 1 more | 2025-04-12 | N/A |
| The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18 and 1.8.x before 1.8.10 does not properly handle wildcards in the Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
| CVE-2016-5419 | 4 Debian, Haxx, Opensuse and 1 more | 6 Debian Linux, Libcurl, Leap and 3 more | 2025-04-12 | N/A |
| curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | ||||
| CVE-2016-7171 | 1 Netapp | 1 Netapp Plug-in | 2025-04-12 | N/A |
| NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | ||||
| CVE-2015-0282 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | ||||
| CVE-2014-3694 | 5 Canonical, Debian, Opensuse and 2 more | 5 Ubuntu Linux, Debian Linux, Opensuse and 2 more | 2025-04-12 | N/A |
| The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-0036 | 1 Amos Benari | 1 Rbovirt | 2025-04-12 | N/A |
| The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors. | ||||
| CVE-2009-5138 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | ||||
| CVE-2014-0363 | 2 Igniterealtime, Redhat | 4 Smack, Jboss Bpms, Jboss Brms and 1 more | 2025-04-12 | N/A |
| The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain. | ||||
| CVE-2015-1852 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Keystonemiddleware, Python-keystoneclient and 1 more | 2025-04-12 | N/A |
| The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | ||||
| CVE-2014-3691 | 2 Redhat, Theforeman | 5 Openstack, Openstack-installer, Satellite and 2 more | 2025-04-12 | N/A |
| Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. | ||||
| CVE-2014-3394 | 1 Cisco | 11 Adaptive Security Appliance Software, Adaptive Security Virtual Appliance, Asa 1000v Cloud Firewall and 8 more | 2025-04-12 | N/A |
| The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916. | ||||
| CVE-2016-7444 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | ||||
| CVE-2015-3152 | 6 Debian, Fedoraproject, Mariadb and 3 more | 14 Debian Linux, Fedora, Mariadb and 11 more | 2025-04-12 | 5.9 Medium |
| Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. | ||||