Vulnerabilities (CVE)

CWE filter: CWE-295

368 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3751 1 Dell 1 Emc Enterprise Copy Data Management 2019-10-10 5.8
Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle...
CVE-2018-5926 1 Hp 1 Remote Graphics Software 2019-10-10 6.4
A potential vulnerability has been identified in HP Remote Graphics Software's certificate authentication process version 7.5.0 and earlier.
CVE-2019-7615 1 Elastic 1 Apm-agent-ruby 2019-10-09 5.8
A TLS certificate validation flaw was found in Elastic APM agent for Ruby versions before 2.9.0. When specifying a trusted server CA certificate via the 'server_ca_cert' setting, the Ruby agent would not properly verify the certificate returned...
CVE-2019-7229 2019-10-09 5.4
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these...
CVE-2019-4150 1 Ibm 1 Security Access Manager 2019-10-09 4.3
IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510.
CVE-2019-3890 2 Gnome, Redhat 2 Evolution-ews, Enterprise Linux 2019-10-09 5.8
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the...
CVE-2019-3875 1 Redhat 2 Keycloak, Single Sign-on 2019-10-09 5.8
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the...
CVE-2019-3841 1 Kubevirt 1 Containerized Data Importer 2019-10-09 4.9
Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry...
CVE-2019-3807 1 Powerdns 1 Recursor 2019-10-09 6.4
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass...
CVE-2019-3777 1 Pivotal Software 1 Application Service 2019-10-09 5.0
Pivotal Application Service (PAS), versions 2.2.x prior to 2.2.12, 2.3.x prior to 2.3.7 and 2.4.x prior to 2.4.3, contain apps manager that uses a cloud controller proxy that fails to verify SSL certs. A remote unauthenticated attacker that could...
CVE-2019-1948 2019-10-09 4.3
A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to...
CVE-2019-1757 1 Cisco 2 Ios, Ios Xe 2019-10-09 N/A
A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to...
CVE-2019-1748 1 Cisco 2 Ios, Ios Xe 2019-10-09 N/A
A vulnerability in the Cisco Network Plug-and-Play (PnP) agent of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability exists because the...
CVE-2019-1683 1 Cisco 14 Spa112 Firmware, Spa500 Firmware, Spa500ds Firmware and 11 more 2019-10-09 5.8
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted...
CVE-2019-1659 1 Cisco 1 Prime Infrastructure 2019-10-09 5.8
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel...
CVE-2019-1590 1 Cisco 1 Nx-os 2019-10-09 6.8
A vulnerability in the Transport Layer Security (TLS) certificate validation functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to perform...
CVE-2019-10382 1 Jenkins 1 Vmware Lab Manager Slaves 2019-10-09 5.8
Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2019-10381 1 Jenkins 1 Codefresh Integration 2019-10-09 4.3
Jenkins Codefresh Integration Plugin 1.8 and earlier disables SSL/TLS and hostname verification globally for the Jenkins master JVM.
CVE-2019-1010275 1 Helm 1 Helm 2019-10-09 7.5
helm Before 2.7.2 is affected by: CWE-295: Improper Certificate Validation. The impact is: Unauthorized clients could connect to the server because self-signed client certs were allowed. The component is: helm (many files updated, see...
CVE-2019-1003009 1 Jenkins 1 Active Directory 2019-10-09 5.8
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,...