MidnightBSD

Advisories for transifex

CVE-2013-2073 MEDIUM

Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
transifex transifex 0.3
transifex transifex 0.6
transifex transifex *
transifex transifex 0.4
transifex transifex 0.7
transifex transifex 0.5
transifex transifex 0.2
transifex transifex 0.1
CVE-2013-7110 MEDIUM

Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
transifex transifex 0.3
transifex transifex 0.6
transifex transifex *
transifex transifex 0.4
transifex transifex 0.7
transifex transifex 0.5
transifex transifex 0.2
transifex transifex 0.8
transifex transifex 0.1