Lucene search
K

199 matches found

NVD
NVD
added 2020/05/07 9:15 p.m.16 views

CVE-2020-11050

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0...

9CVSS9.1AI score0.00771EPSS
Exploits0References1
OSV
OSV
added 2020/03/30 7:15 p.m.4 views

DEBIAN-CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS8.4AI score0.02007EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2020/03/30 6:39 p.m.20 views

CVE-2019-17560

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are...

9.1CVSS9.2AI score0.02007EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2020/02/14 12:0 a.m.4 views

PT-2020-10459 · Heartland & Global Payments · Heartland & Global Payments Php Sdk

Name of the Vulnerable Software and Affected Versions: Heartland & Global Payments PHP SDK versions prior to 2.0.0 Description: The issue concerns the failure to enforce SSL certificate validations in the Gateways/Gateway.php file. This could potentially lead to security risks, as it may allow fo...

5.9CVSS5.5AI score0.00976EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2019/12/17 12:0 a.m.5 views

PT-2019-14716 · Jenkins · Jenkins Websphere Deployer Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins WebSphere Deployer Plugin version 1.6.1 and earlier Description: The issue allows users with Overall/Read access to disable SSL/TLS certificate and hostname validation for the entire Jenkins master JVM. Recommendations: For Jenkins...

7.1CVSS6.8AI score0.0051EPSS
Exploits0References5
CNVD
CNVD
added 2019/12/09 12:0 a.m.2 views

Audible has an unspecified vulnerability

Audible is an online playback application for audiobooks from the American company Audible. A security vulnerability exists in versions 2.34.0 and earlier of Audible, based on the Android platform, which stems from the program's failure to validate SSL credentials against Adobe SDKs. An attacker...

5.9CVSS6.6AI score0.00464EPSS
Exploits0References1
NVD
NVD
added 2019/11/13 6:15 p.m.23 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks...

5.9CVSS5.7AI score0.00626EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2019/11/13 6:15 p.m.38 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks...

5.9CVSS6.2AI score0.00626EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/11/13 5:19 p.m.25 views

CVE-2010-4532

offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks...

5.7AI score0.00626EPSS
Exploits0References5
OSV
OSV
added 2019/10/01 5:15 p.m.1 views

CVE-2019-15042

An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1...

7.5CVSS5.8AI score0.00664EPSS
Exploits0References1
OSV
OSV
added 2019/08/21 7:15 p.m.2 views

CVE-2019-1948

A vulnerability in Cisco Webex Meetings Mobile iOS could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer SSL certificate. The vulnerability is due to insufficient SSL certificate validation by the affected...

5.9CVSS6.3AI score0.0087EPSS
Exploits0References1
Prion
Prion
added 2019/08/13 2:15 p.m.14 views

Design/Logic Flaw

The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help...

5.8CVSS7.3AI score0.00697EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/05/08 2:48 p.m.15 views

CVE-2018-5408 PrinterLogic Print Management Software fails to validate the management portal SSL certificates

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a...

7.8AI score0.00749EPSS
Exploits0References2
CERT
CERT
added 2019/05/03 12:0 a.m.96 views

PrinterLogic Print Management Software fails to validate SSL certificates or the integrity of software updates.

Overview PrinterLogic Print Management Software fails to validate SSL and software update certificates, which could allow an attacker to reconfigure the software and remotely execute code. In addition, the PrinterLogic agent does not sanitize browser input allowing a remote attacker to modify...

10CVSS9.2AI score0.03453EPSS
Exploits0References7
OSV
OSV
added 2019/03/14 3:40 p.m.3 views

GHSA-GF2V-9HP6-44QG org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation

Apache Hive JDBC + HiveServer2 implements SSL for plain TCP and HTTP connections it supports both transport modes. While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name...

7.5CVSS7.1AI score0.01006EPSS
Exploits0References4
OSV
OSV
added 2019/02/18 11:58 p.m.20 views

GHSA-Q43M-FFWR-RPCC SSL Validation Defaults to False in electron-packager

Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...

5.9CVSS5.7AI score0.00952EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2019/02/18 11:58 p.m.28 views

SSL Validation Defaults to False in electron-packager

Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...

5.9CVSS3.8AI score0.00952EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2018/07/24 3:29 p.m.15 views

CVE-2017-3182

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle MITM attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud preventi...

6.8CVSS6.5AI score0.00346EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/24 3:0 p.m.17 views

CVE-2017-3182 On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack

On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle MITM attack. ThreatMetrix is a security library for mobile applications, which aims to provide fraud preventi...

6.4AI score0.00346EPSS
Exploits0References2
NVD
NVD
added 2018/06/12 6:29 p.m.13 views

CVE-2018-12257

An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in...

4.4CVSS4.7AI score0.0035EPSS
Exploits1References1
Rows per page
Query Builder