Total: 1042 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8479 | 1 Microsoft | 2 C Software Development Kit, Java Software Development Kit | 2018-12-12 | 6.8 MEDIUM | 5.6 MEDIUM |
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK. | |||||
CVE-2018-18567 | 1 Audiocodes | 4 440hd, 440hd Firmware, 450hd and 1 more | 2018-12-07 | 4.3 MEDIUM | 5.9 MEDIUM |
AudioCodes 440HD and 450HD devices 3.1.2.89 and earlier allow man-in-the-middle attackers to obtain sensitive credential information by leveraging failure to validate X.509 certificates when used with an on-premise installation with Skype for Business. | |||||
CVE-2018-15898 | 1 Subsonic | 1 Music Streamer | 2018-11-30 | 4.3 MEDIUM | 5.9 MEDIUM |
The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | |||||
CVE-2018-12608 | 1 Mobyproject | 1 Moby | 2018-11-19 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate. | |||||
CVE-2018-2460 | 1 Sap | 1 Business One | 2018-11-16 | 4.3 MEDIUM | 5.9 MEDIUM |
The SAP Business One Android application, version 1.2, does not properly verify the certificate for HTTPS connections. This allows an attacker to perform a MITM attack. | |||||
CVE-2016-1000030 | 2 Pidgin, Suse | 2 Pidgin, Linux Enterprise Server | 2018-11-14 | 7.5 HIGH | 9.8 CRITICAL |
Pidgin version <2.11.0 contains a vulnerability in X.509 certificate imports, specifically due to improper checking of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import(), that can result in code execution. This attack appears to be exploitable via a custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. | |||||
CVE-2018-15476 | 1 Mystrom | 12 Wifi Bulb, Wifi Bulb Firmware, Wifi Button and 9 more | 2018-11-09 | 9.3 HIGH | 8.1 HIGH |
An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certificate in the device to cloud communication was not verified by the device. As a result, an attacker in control of the network traffic of a device could have taken control of a device by intercepting and modifying commands issued from the server to the device in a Man-in-the-Middle attack. This included the ability to inject firmware update commands into the communication and cause the device to install maliciously modified firmware. | |||||
CVE-2018-12829 | 1 Adobe | 1 Creative Cloud | 2018-11-05 | 7.5 HIGH | 9.8 CRITICAL |
Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. | |||||
CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2018-10-30 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | |||||
CVE-2018-11712 | 1 Webkitgtk | 1 Webkitgtk\+ | 2018-10-21 | 5.0 MEDIUM | 7.5 HIGH |
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. | |||||
CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2018-10-09 | 4.3 MEDIUM | 5.3 MEDIUM |
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||||
CVE-2016-1519 | 1 Grandstream | 1 Wave | 2018-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | |||||
CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2018-10-09 | 5.0 MEDIUM | 7.5 HIGH |
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | |||||
CVE-2018-1999034 | 1 Jenkins | 1 Inedo Proget | 2018-10-09 | 5.8 MEDIUM | 7.4 HIGH |
A man in the middle vulnerability exists in Jenkins Inedo ProGet Plugin 0.8 and earlier in ProGetApi.java, ProGetConfig.java, ProGetConfiguration.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
CVE-2018-1000605 | 1 Jenkins | 1 Collabnet | 2018-10-09 | 5.8 MEDIUM | 7.4 HIGH |
A man in the middle vulnerability exists in Jenkins CollabNet Plugin 2.0.4 and earlier in CollabNetApp.java, CollabNetPlugin.java, CNFormFieldValidator.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
CVE-2018-1999035 | 1 Jenkins | 1 Inedo Buildmaster | 2018-10-05 | 5.8 MEDIUM | 7.4 HIGH |
A man in the middle vulnerability exists in Jenkins Inedo BuildMaster Plugin 1.3 and earlier in BuildMasterConfiguration.java, BuildMasterConfig.java, BuildMasterApi.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
CVE-2018-1999025 | 1 Jenkins | 1 Tracetronic Ecu-test | 2018-10-04 | 5.8 MEDIUM | 7.4 HIGH |
A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to. | |||||
CVE-2018-0622 | 1 Dhc | 1 Dhc Online Shop | 2018-09-21 | 5.8 MEDIUM | 7.4 HIGH |
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-14709 | 1 Komoot | 1 Komoot | 2018-09-11 | 5.8 MEDIUM | 7.4 HIGH |
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |