Total: 1042 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1003009 | 1 Jenkins | 1 Active Directory | 2023-10-25 | 5.8 MEDIUM | 7.4 HIGH |
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS. | |||||
CVE-2019-10382 | 1 Jenkins | 1 Vmware Lab Manager Slaves | 2023-10-25 | 5.8 MEDIUM | 6.5 MEDIUM |
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
CVE-2020-2187 | 1 Jenkins | 1 Amazon Ec2 | 2023-10-25 | 6.8 MEDIUM | 5.6 MEDIUM |
Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts self-signed certificates and does not perform hostname validation, enabling man-in-the-middle attacks. | |||||
CVE-2020-2253 | 1 Jenkins | 1 Email Extension | 2023-10-25 | 5.8 MEDIUM | 4.8 MEDIUM |
Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server. | |||||
CVE-2019-10314 | 1 Jenkins | 1 Koji | 2023-10-25 | 4.3 MEDIUM | 5.9 MEDIUM |
Jenkins Koji Plugin disables SSL/TLS and hostname verification globally for the Jenkins master JVM. | |||||
CVE-2019-16558 | 1 Jenkins | 1 Spira Importer | 2023-10-25 | 6.4 MEDIUM | 8.2 HIGH |
Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM. | |||||
CVE-2022-3761 | 1 Openvpn | 1 Connect | 2023-10-24 | N/A | 5.9 MEDIUM |
OpenVPN Connect versions before 3.4.0.4506 (macOS) and before 3.4.0.3100 (Windows) allow man-in-the-middle attackers to intercept configuration profile download requests, which contain the user's credentials. | |||||
CVE-2023-5422 | 1 Otrs | 1 Otrs | 2023-10-20 | N/A | 9.1 CRITICAL |
The functions that fetch e-mail via POP3 or IMAP, and that send e-mail via SMTP, use OpenSSL for SSL- or TLS-based communication. Because SSL_get_verify_result() is never called, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that would be detected if the certificate were properly validated. This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34. | |||||
CVE-2023-4499 | 1 Hp | 20 Elite Mt645, Mt21, Mt22 and 17 more | 2023-10-19 | N/A | 7.5 HIGH |
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | |||||
CVE-2022-43892 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 5.3 MEDIUM |
IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455. | |||||
CVE-2022-22380 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2023-10-18 | N/A | 4.3 MEDIUM |
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957. | |||||
CVE-2023-5554 | 1 Linecorp | 1 Line | 2023-10-17 | N/A | 9.8 CRITICAL |
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | |||||
CVE-2023-38353 | 1 Minitool | 1 Power Data Recovery | 2023-10-13 | N/A | 5.9 MEDIUM |
MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. | |||||
CVE-2023-38354 | 1 Minitool | 1 Shadowmaker | 2023-10-13 | N/A | 8.1 HIGH |
MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
CVE-2023-38355 | 1 Minitool | 1 Movie Maker | 2023-10-13 | N/A | 8.1 HIGH |
MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | |||||
CVE-2023-45613 | 1 Jetbrains | 1 Ktor | 2023-10-12 | N/A | 9.1 CRITICAL |
In JetBrains Ktor before 2.3.5, server certificates were not verified. | |||||
CVE-2023-39441 | 1 Apache | 3 Airflow, Apache-airflow-providers-imap, Apache-airflow-providers-smtp | 2023-08-29 | N/A | 5.9 MEDIUM |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by an improper validation of OpenSSL certificates. The default SSL context of the SSL library did not check the server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. | |||||
CVE-2023-33201 | 1 Bouncycastle | 1 Bc-java | 2023-08-24 | N/A | 5.3 MEDIUM |
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability. | |||||
CVE-2023-40256 | 1 Veritas | 1 Netbackup Snapshot Manager | 2023-08-18 | N/A | 9.8 CRITICAL |
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers. | |||||
CVE-2014-3394 | 1 Cisco | 11 Adaptive Security Appliance Software, Adaptive Security Virtual Appliance, Asa 1000v Cloud Firewall and 8 more | 2023-08-15 | 5.0 MEDIUM | N/A |
The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 before 8.2(5.50), 8.4 before 8.4(7.15), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.8), and 9.1 before 9.1(5.1) allows remote attackers to bypass certificate validation via an arbitrary VeriSign certificate, aka Bug ID CSCun10916. |
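Most entries in this list (the Jenkins plugins that disable verification for the whole master JVM, the EC2 plugin that accepts self-signed certificates without hostname validation, the OTRS and Airflow mail clients that never check the server's X.509 certificate) come down to the same three client-side checks being skipped: chain verification, validity period, and a hostname match against subjectAltName. The following Python block is an added example, not code from any of the projects above, written to show those checks in stdlib `ssl` terms: a verifying context next to the "accept anything" context the affected versions amounted to, plus the expiry and hostname checks applied to a constructed peer certificate in the dict shape `SSLSocket.getpeercert()` returns. All names and dates in the sample are invented.

```python
"""Client-side X.509 validation checks (added example; not project code).
SAMPLE_PEERCERT is a constructed sample in the shape ssl.SSLSocket.getpeercert()
returns for a verified peer; every name and date in it is invented."""
import ssl
import time
from typing import List, Optional

SAMPLE_PEERCERT = {
    "subject": ((("commonName", "mail.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2023 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "mail.example.test"), ("DNS", "*.mx.example.test")),
}
# Reference instants: inside and after the sample's validity window.
T_VALID = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
T_EXPIRED = ssl.cert_time_to_seconds("Jun  1 00:00:00 2026 GMT")


def secure_context() -> ssl.SSLContext:
    """What an SMTP/IMAP/LDAP client should use: system CA store, chain
    verification, expiry check and hostname check are all on by default."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH)


def insecure_context() -> ssl.SSLContext:
    """The 'accept any certificate' context the affected versions amounted to.
    Kept only so the difference is testable; never ship this. Assigning
    ssl._create_default_https_context = ssl._create_unverified_context would
    disable verification process-wide, the Python analogue of the Jenkins
    plugins above that turned it off for the whole master JVM."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """True only if the context enforces both chain and hostname validation."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def _dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style dNSName comparison: case-insensitive; a wildcard only as
    the entire leftmost label of a name with at least two more labels."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    if not h_labels[0] or h_labels[0].startswith("xn--"):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(peercert: dict, hostname: str) -> bool:
    """Only subjectAltName dNSName entries count; the subject CN is not consulted."""
    sans = [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]
    return any(_dns_name_matches(san, hostname) for san in sans)


def within_validity(peercert: dict, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(peercert["notBefore"])
    not_after = ssl.cert_time_to_seconds(peercert["notAfter"])
    return not_before <= now <= not_after


def check_peer(peercert: dict, hostname: str, now: Optional[float] = None) -> List[str]:
    """Return the failed checks; an empty list means the peer is acceptable.
    Chain and signature verification happen in the SSLContext handshake and are
    not repeated here; with CERT_NONE, getpeercert() returns an empty dict."""
    if not peercert:
        return ["no certificate received (handshake ran with CERT_NONE?)"]
    problems = []
    if not within_validity(peercert, now):
        problems.append("certificate outside its validity period")
    if not hostname_matches(peercert, hostname):
        problems.append("no subjectAltName dNSName matches %r" % hostname)
    return problems


if __name__ == "__main__":
    for host, when in (("mail.example.test", T_VALID), ("evil.test", T_VALID),
                       ("mail.example.test", T_EXPIRED)):
        print(host, check_peer(SAMPLE_PEERCERT, host, when))
```

In a real client the context from `secure_context()` is passed straight into the protocol library, for example `smtplib.SMTP.starttls(context=secure_context())` or `imaplib.IMAP4_SSL(host, ssl_context=secure_context())`; the handshake then performs the chain, expiry and hostname checks itself and `check_peer` only restates what a CERT_NONE client silently skips. The wildcard rule deliberately rejects `*.com`-style patterns and multi-label matches, which is where hand-rolled hostname matchers usually go wrong.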
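CVE-2023-33201 above is the odd one out: the certificate is validated, but its Subject Name is copied into an LDAP search filter without escaping, so whoever controls the subject controls the query. The block below is an added example, not Bouncy Castle code, showing the RFC 4515 escaping that prevents this and a constructed subject name that turns a lookup of one specific certificate into a wildcard search when the escaping is missing. The filter template and the `pkiUser`/`subjectName` attribute names are assumptions made for illustration.

```python
"""RFC 4515 escaping of a certificate Subject Name used in an LDAP search
filter (added example; not Bouncy Castle code). Filter template and attribute
names are assumptions for illustration."""

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed attacker-controlled subject: closes the assertion and adds one
# that every entry satisfies.
ATTACKER_SUBJECT = "CN=anything)(objectClass=*"


def escape_filter_value(value: str) -> str:
    """Encode a string so the server treats it as one literal assertion value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_cert_filter(subject_name: str, escape: bool = True) -> str:
    """Filter that looks up the directory entry holding a given subject's
    certificate. escape=False reproduces the injectable construction, for
    comparison only."""
    value = escape_filter_value(subject_name) if escape else subject_name
    return "(&(objectClass=pkiUser)(subjectName=%s))" % value


def assertion_count(ldap_filter: str) -> int:
    """Number of attribute assertions a server parses out of the filter: one
    per unescaped '(' other than the outer '(&'. The template contributes
    exactly two; anything more came from the value."""
    count, i = 0, 0
    while i < len(ldap_filter):
        ch = ldap_filter[i]
        if ch == "\\":        # skip an escaped byte written as \XX
            i += 3
            continue
        if ch == "(":
            count += 1
        i += 1
    return count - 1          # discount the enclosing "(&"


if __name__ == "__main__":
    for escape in (False, True):
        f = build_cert_filter(ATTACKER_SUBJECT, escape=escape)
        print("escape=%-5s assertions=%d  %s" % (escape, assertion_count(f), f))
```

Note that RFC 4515 filter escaping is a different encoding from the RFC 4514 DN escaping used when a name is written as a distinguished name string; a value escaped for one context is not safe in the other. If the `ldap3` package is already in use, its `ldap3.utils.conv.escape_filter_chars` performs the same encoding as `escape_filter_value`.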