Export limit exceeded: 351407 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2345 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-11-21 | 5.9 Medium |
| vdsm and vdsclient does not validate certficate hostname from another vdsm which could facilitate a man-in-the-middle attack | ||||
| CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 9.1 Critical |
| A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | ||||
| CVE-2014-3607 | 1 Ldaptive | 2 Ldaptive, Vt-ldap | 2024-11-21 | N/A |
| DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2014-3603 | 1 Shibboleth | 2 Identity Provider, Opensaml Java | 2024-11-21 | N/A |
| The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2014-3495 | 2 Debian, Opensuse | 3 Debian Linux, Duplicity, Opensuse | 2024-11-21 | 7.5 High |
| duplicity 0.6.24 has improper verification of SSL certificates | ||||
| CVE-2014-3230 | 1 Lwp\ | 1 \ | 2024-11-21 | 5.9 Medium |
| The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable. | ||||
| CVE-2014-2902 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 does not properly authorize CA certificate for signing other certificates. | ||||
| CVE-2014-2901 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfssl before 3.2.0 does not properly issue certificates for a server's hostname. | ||||
| CVE-2014-0161 | 1 Ovirt-engine-sdk-python Project | 1 Ovirt-engine-sdk-python | 2024-11-21 | 5.9 Medium |
| ovirt-engine-sdk-python before 3.4.0.7 and 3.5.0.4 does not verify that the hostname of the remote endpoint matches the Common Name (CN) or subjectAltName as specified by its x.509 certificate in a TLS/SSL session. This could allow man-in-the-middle attackers to spoof remote endpoints via an arbitrary valid certificate. | ||||
| CVE-2014-0104 | 1 Clusterlabs | 1 Fence-agents | 2024-11-21 | 5.9 Medium |
| In fence-agents before 4.0.17 does not verify remote SSL certificates in the fence_cisco_ucs.py script which can potentially allow for man-in-the-middle attackers to spoof SSL servers via arbitrary SSL certificates. | ||||
| CVE-2013-7201 | 1 Paypal | 1 Paypal | 2024-11-21 | N/A |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | ||||
| CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2024-11-21 | 5.9 Medium |
| Cache Poisoning issue exists in DNS Response Rate Limiting. | ||||
| CVE-2013-2255 | 3 Debian, Openstack, Redhat | 4 Debian Linux, Compute, Keystone and 1 more | 2024-11-21 | 5.9 Medium |
| HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates. | ||||
| CVE-2013-1351 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 5.9 Medium |
| Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | ||||
| CVE-2013-0264 | 1 Redhat | 1 Mrg Management Console | 2024-11-21 | 7.5 High |
| An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it. | ||||
| CVE-2012-6709 | 2 Elinks, Twibright | 2 Elinks, Links | 2024-11-21 | N/A |
| ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation. | ||||
| CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2024-11-21 | 8.8 High |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | ||||
| CVE-2012-6071 | 2 Debian, Nusoap Project | 2 Debian Linux, Nusoap | 2024-11-21 | 7.5 High |
| nuSOAP before 0.7.3-5 does not properly check the hostname of a cert. | ||||
| CVE-2012-5518 | 1 Ovirt | 1 Vdsm | 2024-11-21 | 7.5 High |
| vdsm: certificate generation upon node creation allowing vdsm to start and serve requests from anyone who has a matching key (and certificate) | ||||
| CVE-2012-1316 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 5.9 Medium |
| Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks | ||||