Vulmon
certificate system vulnerabilities and exploits
5.1
CVSSv2
CVE-2008-3249
The client in Lenovo System Update prior to 3.14 does not properly validate the certificate when establishing an SSL connection, which allows remote malicious users to install arbitrary packages via an SSL certificate whose X.509 headers match a public certificate used by IBM.
Lenovo Thinkvantage System Update 3.13
Lenovo Thinkvantage System Update
2.1
CVSSv2
CVE-2012-4862
The Host Connect emulator in IBM Rational Developer for System z 7.1 up to and including 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.
Ibm Rational Developer For System Z 7.6.2.4
Ibm Rational Developer For System Z 8.0.1.0
Ibm Rational Developer For System Z 8.5.0.1
Ibm Rational Developer For System Z 8.5.1
Ibm Rational Developer For System Z 7.6.2.2
Ibm Rational Developer For System Z 7.6.2.3
Ibm Rational Developer For System Z 8.0.3.3
Ibm Rational Developer For System Z 8.5.0
Ibm Rational Developer For System Z 7.1
Ibm Rational Developer For System Z 7.6.2.1
Ibm Rational Developer For System Z 8.0.3.1
Ibm Rational Developer For System Z 8.0.3.2
Ibm Rational Developer For System Z 8.0.2
Ibm Rational Developer For System Z 8.0.3
5
CVSSv2
CVE-2004-2216
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and previous versions and 6.1 SP1 and previous versions, and Application Server 7 Update 4 and previous versions, allows remote malicious users to cause a denial of service (crash) via a malformed client certificate.
Sun Java System Web Server 6.0
Sun Java System Application Server 7.0
Sun Java System Web Server 6.1
4.3
CVSSv2
CVE-2012-4829
IBM XIV Storage System Gen3 prior to 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle malicious users to spoof servers by leveraging an inappropriate certificate-trust relationship.
Ibm Xiv Storage System Gen3
8.3
CVSSv2
CVE-2015-2233
Lenovo System Update (formerly ThinkVantage System Update) prior to 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle malicious users to upload and execute arbitrary files via a crafted certificate.
Lenovo System Update
NA
CVE-2022-34404
Dell System Update, version 2.0.0 and previous versions, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service.
Dell System Update
9
CVSSv2
CVE-2019-11355
An issue exists in Poly (formerly Polycom) HDX 3.1.13. A feature exists that allows the creation of a server / client certificate, or the upload of the user certificate, on the administrator's page. The value received from the user is the factor value of a shell script on th...
Polycom Hdx System Software
NA
CVE-2023-22339
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and previous versions allows a remote unauthenticated malicious user to bypass access restriction and obtain the server certificate including the private key of the product.
Contec Conprosys Hmi System
5
CVSSv2
CVE-2015-6276
Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote malicious users to obtain cleartext versions of HTTPS traffic or spoof devices via a direct request to the certificat...
Cisco Telepresence System Software Ix 8.0.3
2.7
CVSSv2
CVE-2021-1354
A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent malicious user to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certific...
Cisco Unified Computing System Central Software