Total
1201 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-15326 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In some situations on BIG-IP APM 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, or 11.6.0-11.6.3.2, the CRLDP Auth access policy agent may treat revoked certificates as valid when the BIG-IP APM system fails to download a new Certificate Revocation List. | |||||
| CVE-2018-12829 | 1 Adobe | 1 Creative Cloud | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Creative Cloud Desktop Application before 4.6.1 has an improper certificate validation vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2018-12608 | 1 Mobyproject | 1 Moby | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate. | |||||
| CVE-2018-12499 | 1 Motorola | 2 Mbp853, Mbp853 Firmware | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. | |||||
| CVE-2018-12461 | 1 Netiq | 1 Edirectory | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation. | |||||
| CVE-2018-12257 | 1 Apollotechnologiesinc | 2 Momentum Axel 720p, Momentum Axel 720p Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered on Momentum Axel 720P 5.1.8 devices. There is Authenticated Custom Firmware Upgrade via DNS Hijacking. An authenticated root user with CLI access is able to remotely upgrade firmware to a custom image due to lack of SSL validation by changing the nameservers in /etc/resolv.conf to the attacker's server, and serving the expected HTTPS response containing new firmware for the device to download. | |||||
| CVE-2018-12205 | 1 Intel | 5 Core I3, Core I5, Core I7 and 2 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access. | |||||
| CVE-2018-12087 | 1 Opcfoundation | 2 Ua-.net-legacy, Ua-.netstandard | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords. | |||||
| CVE-2018-11775 | 2 Apache, Oracle | 3 Activemq, Enterprise Repository, Flexcube Private Banking | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. | |||||
| CVE-2018-11751 | 1 Puppet | 1 Puppet Server | 2024-11-21 | 4.8 MEDIUM | 5.4 MEDIUM |
| Previous versions of Puppet Agent didn't verify the peer in the SSL connection prior to downloading the CRL. This issue is resolved in Puppet Agent 6.4.0. | |||||
| CVE-2018-11747 | 1 Puppet | 1 Discovery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress. | |||||
| CVE-2018-11712 | 1 Webkitgtk | 1 Webkitgtk\+ | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections. | |||||
| CVE-2018-10894 | 1 Redhat | 3 Enterprise Linux, Keycloak, Single Sign-on | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks. | |||||
| CVE-2018-10408 | 1 Virustotal | 1 Virustotal | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10406 | 1 Yelp | 1 Osxcollector | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10405 | 1 Google | 1 Santa | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10404 | 1 Objective-see | 5 Knockknock, Lulu, Procinfo and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10403 | 1 F-secure | 1 Xfence | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | |||||
| CVE-2018-10377 | 1 Portswigger | 1 Burp Suite | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | |||||
| CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). | |||||