Total
1277 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8939 | 1 Warnerbros | 1 Ellentube | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-5901 | 1 State Bank Of India | 1 State Bank Anywhere | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-3218 | 1 Samsung | 1 Magician | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
|
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
|
|||||
| CVE-2017-2913 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 2.6 LOW | 5.9 MEDIUM |
|
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
|
|||||
| CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors.
|
|||||
| CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
|
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110;
|
|||||
| CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.
|
|||||
| CVE-2017-5912 | 1 Forex | 1 Forextrader | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-10819 | 1 Intercom | 1 Malion | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication.
|
|||||
| CVE-2017-6144 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
|
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected.
|
|||||
| CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2025-04-20 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
|
|||||
| CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.
|
|||||
| CVE-2017-9590 | 1 Sbw | 1 State Bank Of Waterloo Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9597 | 1 Meafinancial | 1 Blue Ridge Bank And Trust Co. Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
GANMA! App for iOS does not verify SSL certificates.
|
|||||
| CVE-2017-8943 | 1 Puma | 1 Pumatrac | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-3886 | 1 Libinfinity Project | 1 Libinfinity | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
|
|||||
| CVE-2016-10511 | 1 Twitter | 1 Twitter | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
|
|||||
| CVE-2016-3083 | 1 Apache | 1 Hive | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client wi ...
Show More |
|||||
| CVE-2017-9560 | 1 Cayugalakenationalbank | 1 Cayuga Lake National Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
|
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
|
|||||
| CVE-2016-4818 | 1 Dmm | 3 Dmmfx Demo Trade, Dmmfx Trade, Gaitamejapan Fx Trade | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.
|
|||||
| CVE-2017-3194 | 1 Pandora | 1 Pandora | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
|
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
|
|||||
| CVE-2017-2800 | 1 Wolfssl | 1 Wolfssl | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
|
|||||
| CVE-2017-9601 | 1 Fnbkemp | 1 Fnb Kemp Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9592 | 1 Meafinancial | 1 Your Legacy Federal Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-8941 | 1 Interval International | 1 Interval International | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9591 | 1 Mypcb | 1 Pcb Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-6358 | 1 Cisco | 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSC ...
Show More |
|||||
| CVE-2017-9577 | 1 Fcbl | 1 First Citizens Bank-mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-17718 | 1 Net-ldap Project | 1 Net-ldap | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
|
|||||
| CVE-2017-9572 | 1 Athensstatebank | 1 Athens State Bank Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
|
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
|
|||||
| CVE-2017-0248 | 1 Microsoft | 1 .net Framework | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
|
|||||
| CVE-2017-9588 | 1 Meafinancial | 1 Oritani Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-5909 | 1 Electronic Funds Source Llc | 1 Efs Mobile Driver Source | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-8301 | 1 Openbsd | 1 Libressl | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
|
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.
|
|||||
| CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
|
|||||
| CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.
|
|||||
| CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
|
|||||