34 matches found
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
...
PYSEC-2020-252
The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances, native Python code is used that lacks a comparison of the hostname to commonName and subjectAltName...
CVE-2020-14980
The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation...
CVE-2020-14981
The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation...
Palo Alto GlobalProtect Agent 5.0.x < 5.0.10 / 5.1.x < 5.1.4 Missing Certificate Validation
The version of Palo Alto GlobalProtect Agent installed on the remote host is 5.0.x prior to 5.0.10, or 5.1.x prior to 5.1.4. It is, therefore, affected by a missing certificate validation vulnerability. When the pre-logon feature is enabled, a missing certification validation in Palo Alto Network...
GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
CVE-2020-6175
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation...
CVE-2019-18633
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected...
CVE-2019-18633
CVE-2019-18633 concerns the European Commission eIDAS-Node Integration Package. Connected sources confirm a vulnerability in Missing Certificate Validation where a certain ExplicitKeyTrustEvaluator return value is not checked. The issue is explicitly tied to the package versions “before 2.3.1,” a...
CVE-2019-18633
European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected...
CVE-2019-5538
Sensitive information disclosure vulnerability resulting from a lack of certificate validation during the File-Based Backup and Restore operations of VMware vCenter Server Appliance 6.7 before 6.7u3a and 6.5 before 6.5u3d may allow a malicious actor to intercept sensitive data in transit over SCP...
CVE-2017-17944
The ASUS Vivobaby application before 1.1.09 for Android has Missing SSL Certificate Validation...
ALPINE-CVE-2018-1000500
Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file"...
UBUNTU-CVE-2012-6709
ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation...