Export limit exceeded: 335255 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2164 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-32069 | 1 Mitel | 1 Micollab | 2024-11-21 | 4.8 Medium |
| The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data. | ||||
| CVE-2021-31958 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2024-11-21 | 7.5 High |
| Windows NTLM Elevation of Privilege Vulnerability | ||||
| CVE-2021-31892 | 1 Siemens | 20 Sinumerik Analyse Mycondition, Sinumerik Analyse Mycondition Firmware, Sinumerik Analyze Myperformance and 17 more | 2024-11-21 | 7.4 High |
| A vulnerability has been identified in SINUMERIK Analyse MyCondition (All versions), SINUMERIK Analyze MyPerformance (All versions), SINUMERIK Analyze MyPerformance /OEE-Monitor (All versions), SINUMERIK Analyze MyPerformance /OEE-Tuning (All versions), SINUMERIK Integrate Client 02 (All versions >= V02.00.12 < 02.00.18), SINUMERIK Integrate Client 03 (All versions >= V03.00.12 < 03.00.18), SINUMERIK Integrate Client 04 (V04.00.02 and all versions >= V04.00.15 < 04.00.18), SINUMERIK Integrate for Production 4.1 (All versions < V4.1 SP10 HF3), SINUMERIK Integrate for Production 5.1 (V5.1), SINUMERIK Manage MyMachines (All versions), SINUMERIK Manage MyMachines /Remote (All versions), SINUMERIK Manage MyMachines /Spindel Monitor (All versions), SINUMERIK Manage MyPrograms (All versions), SINUMERIK Manage MyResources /Programs (All versions), SINUMERIK Manage MyResources /Tools (All versions), SINUMERIK Manage MyTools (All versions), SINUMERIK Operate V4.8 (All versions < V4.8 SP8), SINUMERIK Operate V4.93 (All versions < V4.93 HF7), SINUMERIK Operate V4.94 (All versions < V4.94 HF5), SINUMERIK Optimize MyProgramming /NX-Cam Editor (All versions). Due to an error in a third-party dependency the ssl flags used for setting up a TLS connection to a server are overwitten with wrong settings. This results in a missing validation of the server certificate and thus in a possible TLS MITM szenario. | ||||
| CVE-2021-31747 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 4.8 Medium |
| Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks. | ||||
| CVE-2021-31597 | 1 Xmlhttprequest-ssl Project | 1 Xmlhttprequest-ssl | 2024-11-21 | 9.4 Critical |
| The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected. | ||||
| CVE-2021-30621 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 6.5 Medium |
| Chromium: CVE-2021-30621 UI Spoofing in Autofill | ||||
| CVE-2021-30619 | 2 Fedoraproject, Microsoft | 3 Fedora, Edge, Edge Chromium | 2024-11-21 | 6.5 Medium |
| Chromium: CVE-2021-30619 UI Spoofing in Autofill | ||||
| CVE-2021-29755 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.5 High |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015. | ||||
| CVE-2021-29737 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 7.5 High |
| IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301. | ||||
| CVE-2021-29726 | 1 Ibm | 2 Secure External Authentication Server, Sterling Secure Proxy | 2024-11-21 | 5.3 Medium |
| IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104. | ||||
| CVE-2021-29656 | 1 Pexip | 1 Infinity Connect | 2024-11-21 | 9.8 Critical |
| Pexip Infinity Connect before 1.8.0 mishandles TLS certificate validation. The allow list is not properly checked. | ||||
| CVE-2021-29653 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 High |
| HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in 1.5.8, 1.6.4, and 1.7.1. | ||||
| CVE-2021-29504 | 1 Wp-cli | 1 Wp-cli | 2024-11-21 | 9.1 Critical |
| WP-CLI is the command-line interface for WordPress. An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability to impersonate update servers and push malicious updates towards WordPress instances controlled by the vulnerable WP-CLI agent, or push malicious updates toward WP-CLI itself. The vulnerability stems from the fact that the default behavior of `WP_CLI\Utils\http_request()` when encountering a TLS handshake error is to disable certificate validation and retry the same request. The default behavior has been changed with version 2.5.0 of WP-CLI and the `wp-cli/wp-cli` framework (via https://github.com/wp-cli/wp-cli/pull/5523) so that the `WP_CLI\Utils\http_request()` method accepts an `$insecure` option that is `false` by default and consequently that a TLS handshake failure is a hard error by default. This new default is a breaking change and ripples through to all consumers of `WP_CLI\Utils\http_request()`, including those in separate WP-CLI bundled or third-party packages. https://github.com/wp-cli/wp-cli/pull/5523 has also added an `--insecure` flag to the `cli update` command to counter this breaking change. There is no direct workaround for the default insecure behavior of `wp-cli/wp-cli` versions before 2.5.0. The workaround for dealing with the breaking change in the commands directly affected by the new secure default behavior is to add the `--insecure` flag to manually opt-in to the previous insecure behavior. | ||||
| CVE-2021-29495 | 1 Nim-lang | 1 Nim | 2024-11-21 | 5.9 Medium |
| Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented. | ||||
| CVE-2021-29441 | 1 Alibaba | 1 Nacos | 2024-11-21 | 8.6 High |
| Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true) Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nacos servers to bypass this filter and therefore skip authentication checks. This mechanism relies on the user-agent HTTP header so it can be easily spoofed. This issue may allow any user to carry out any administrative tasks on the Nacos server. | ||||
| CVE-2021-28810 | 1 Qnap | 1 Roon Server | 2024-11-21 | 7.5 High |
| If exploited, this vulnerability allows an attacker to access resources which are not otherwise accessible without proper authentication. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later | ||||
| CVE-2021-28372 | 1 Throughtek | 1 Kalay P2p Software Development Kit | 2024-11-21 | 8.3 High |
| ThroughTek's Kalay Platform 2.0 network allows an attacker to impersonate an arbitrary ThroughTek (TUTK) device given a valid 20-byte uniquely assigned identifier (UID). This could result in an attacker hijacking a victim's connection and forcing them into supplying credentials needed to access the victim TUTK device. | ||||
| CVE-2021-28363 | 4 Fedoraproject, Oracle, Python and 1 more | 4 Fedora, Peoplesoft Enterprise Peopletools, Urllib3 and 1 more | 2024-11-21 | 6.5 Medium |
| The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | ||||
| CVE-2021-27899 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 7.4 High |
| The Proofpoint Insider Threat Management Agents (formerly ObserveIT Agent) for MacOS and Linux perform improper validation of the ITM Server's certificate, which enables a remote attacker to intercept and alter these communications using a man-in-the-middle attack. All versions before 7.11.1 are affected. Agents for Windows and Cloud are not affected. | ||||
| CVE-2021-27768 | 1 Hcltech | 1 Verse | 2024-11-21 | 6.3 Medium |
| Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, the application's network traffic was intercepted using a proxy server set up in 'transparent' mode while a certificate with an invalid hostname was active. The Android application was found to have hostname verification issues during the server setup and login flows; however, the application did not process requests post-login. | ||||