Total: 1277 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7826 | 1 Botan Project | 1 Botan | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
|
|||||
| CVE-2017-11506 | 1 Tenable | 1 Nessus | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
|
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
|
|||||
| CVE-2017-1000209 | 1 Nv-websocket-client Project | 1 Nv-websocket-client | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
|
|||||
| CVE-2017-8942 | 1 Yottamark Inc. | 1 Shopwell - Healthy Diet & Grocery Food Scanner | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-1000097 | 1 Golang | 1 Go | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
On Darwin, the user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
|
|||||
| CVE-2017-5653 | 1 Apache | 1 Cxf | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
|
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
|
|||||
| CVE-2017-9598 | 1 Meafinancial | 1 Morton Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
|
|||||
| CVE-2017-9600 | 1 Meafinancial | 1 Peoples Bank Tulsa | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-7932 | 1 Nxp | 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more | 2025-04-20 | 4.4 MEDIUM | 6.0 MEDIUM |
|
An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in a security-enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the exec ...
|
|||||
| CVE-2017-9578 | 1 Rivervalleycommunitybank | 1 Rvcb Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
wpa_supplicant 2.0-16 does not properly check the certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
|
|||||
| CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
|
|||||
| CVE-2017-5918 | 1 Banco De Costa Rica | 1 Bcr Movil | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9569 | 1 Citizensbanktx | 1 Cbtx On The Go | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-4100 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 4.9 MEDIUM | 6.8 MEDIUM |
|
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
|
|||||
| CVE-2017-9579 | 1 Meafinancial | 1 Jmcu Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-14420 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-3213 | 1 Think Mutual Bank | 1 Think Mutual Bank Mobile Banking App | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2016-4840 | 1 Toshiba | 1 Coordinate Plus | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
|
|||||
| CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
SSL certificate validation is missing in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
|
|||||
| CVE-2017-9599 | 1 Fountaintrust | 1 Fountain Trust Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-4017 | 1 Saltstack | 1 Salt | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
|
|||||
| CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
|
|||||
| CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
|
|||||
| CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates, which could allow remote attackers to perform man-in-the-middle attacks.
|
|||||
| CVE-2017-4981 | 1 Dell | 1 Bsafe Cert-c | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.
|
|||||
| CVE-2017-9583 | 1 Meafinancial | 1 Charlevoix State Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9568 | 1 Myfpcu | 1 Financial Plus Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
|
|||||
| CVE-2017-3212 | 1 Sccu | 1 Space Coast Credit Union | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9573 | 1 Northadamsbank | 1 Nasb Mobile Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9570 | 1 Meafinancial | 1 Mount Vernon Bank & Trust Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2016-1252 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
|
|||||
| CVE-2013-7450 | 1 Pulpproject | 1 Pulp | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.
|
|||||
| CVE-2017-9575 | 1 Meafinancial | 1 Fvb Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2017-9564 | 1 Meafinancial | 1 Community Banks Cb2go | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
|
|||||