Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22459 | 2025-04-08 | 4.8 Medium | ||
| Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and servers. | ||||
| CVE-2024-43196 | 3 Ibm, Linux, Microsoft | 3 Openpages With Watson, Linux Kernel, Windows | 2025-03-11 | 4.3 Medium |
| IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses. | ||||
| CVE-2025-1146 | 2025-02-12 | 8.1 High | ||
| CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where our TLS connection routine to the CrowdStrike cloud can incorrectly process server certificate validation. This could allow an attacker with the ability to control network traffic to potentially conduct a man-in-the-middle (MiTM) attack. CrowdStrike identified this issue internally and released a security fix in all Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor versions 7.06 and above. CrowdStrike identified this issue through our longstanding, rigorous security review process, which has been continually strengthened with deeper source code analysis and ongoing program enhancements as part of our commitment to security resilience. CrowdStrike has no indication of any exploitation of this issue in the wild. CrowdStrike has leveraged its world class threat hunting and intelligence capabilities to actively monitor for signs of abuse or usage of this flaw and will continue to do so. Windows and Mac sensors are not affected by this. | ||||
| CVE-2021-44532 | 4 Debian, Nodejs, Oracle and 1 more | 14 Debian Linux, Node.js, Graalvm and 11 more | 2024-11-21 | 5.3 Medium |
| Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | ||||
| CVE-2021-23162 | 1 Gallagher | 1 Command Centre Mobile Connect | 2024-11-21 | 7.7 High |
| Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android 15 versions prior to 15.04.040; version 14 and prior versions. | ||||
| CVE-2021-23155 | 1 Gallagher | 1 Command Centre Mobile Client | 2024-11-21 | 9 Critical |
| Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android 8.60 versions prior to 8.60.065; version 8.50 and prior versions. | ||||
| CVE-2021-1566 | 1 Cisco | 3 Asyncos, Email Security Appliance, Web Security Appliance | 2024-11-21 | 7.4 High |
| A vulnerability in the Cisco Advanced Malware Protection (AMP) for Endpoints integration of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to intercept traffic between an affected device and the AMP servers. This vulnerability is due to improper certificate validation when an affected device establishes TLS connections. A man-in-the-middle attacker could exploit this vulnerability by sending a crafted TLS packet to an affected device. A successful exploit could allow the attacker to spoof a trusted host and then extract sensitive information or alter certain API requests. | ||||
| CVE-2020-26117 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Leap, Enterprise Linux and 1 more | 2024-11-21 | 8.1 High |
| In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. | ||||
| CVE-2020-12421 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.5 Medium |
| When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||||
| CVE-2019-3890 | 2 Gnome, Redhat | 2 Evolution-ews, Enterprise Linux | 2024-11-21 | N/A |
| It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the difference. | ||||
| CVE-2019-3762 | 1 Dell | 2 Emc Data Protection Central, Emc Integrated Data Protection Appliance | 2024-11-21 | 7.5 High |
| Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. | ||||
Page 1 of 1.