Total
1136 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2674 | 1 Restkit | 1 Restkit | 2024-11-21 | N/A |
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | ||||
CVE-2015-2625 | 2 Oracle, Redhat | 7 Jdk, Jre, Jrockit and 4 more | 2024-11-21 | N/A |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. | ||||
CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2024-11-21 | N/A |
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | ||||
CVE-2015-2320 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-11-21 | N/A |
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | ||||
CVE-2015-2319 | 1 Mono-project | 1 Mono | 2024-11-21 | N/A |
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204. | ||||
CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-11-21 | N/A |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | ||||
CVE-2015-1852 | 3 Canonical, Openstack, Redhat | 4 Ubuntu Linux, Keystonemiddleware, Python-keystoneclient and 1 more | 2024-11-21 | N/A |
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certificate verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | ||||
CVE-2015-1816 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. | ||||
CVE-2015-1777 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Rhn-client-tools | 2024-11-21 | N/A |
rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and Enterprise Linux (RHEL) 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle attack. | ||||
CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2024-11-21 | N/A |
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | ||||
CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2024-11-21 | N/A |
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | ||||
CVE-2015-0534 | 1 Dell | 3 Bsafe, Bsafe Ssl-c, Bsafe Ssl-j | 2024-11-21 | 7.5 High |
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. | ||||
CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-11-21 | 7.5 High |
GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | ||||
CVE-2015-0282 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2024-11-21 | N/A |
GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | ||||
CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2024-11-21 | N/A |
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | ||||
CVE-2014-8642 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2024-11-21 | N/A |
Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. | ||||
CVE-2014-8167 | 1 Redhat | 3 Enterprise Virtualization, Vdsclient, Virtual Desktop Server Manager | 2024-11-21 | 5.9 Medium |
vdsm and vdsclient do not validate the certificate hostname from another vdsm, which could facilitate a man-in-the-middle attack. | ||||
CVE-2014-8164 | 1 Redhat | 1 Cloudforms Management Engine | 2024-11-21 | 9.1 Critical |
An insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x. | ||||
CVE-2014-8151 | 2 Apple, Haxx | 2 Mac Os X, Libcurl | 2024-11-21 | N/A |
The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in libcurl 7.31.0 through 7.39.0, when using the DarwinSSL (aka SecureTransport) back-end for TLS, does not check if a cached TLS session validated the certificate when reusing the session, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. | ||||
CVE-2014-7242 | 1 Ms-ins | 2 Sumaho, Sumaho Driving Capability Diagnosis | 2024-11-21 | N/A |
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates. |