Vulnerabilities (CVE)

Filtered by CWE-295
Total 951 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-2836 2 Debian, Freerdp 2 Debian Linux, Freerdp 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability.
CVE-2018-10406 1 Yelp 1 Osxcollector 2023-12-10 6.8 MEDIUM 7.8 HIGH
An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
CVE-2018-0611 1 Ana 1 Ana 2023-12-10 5.8 MEDIUM 7.4 HIGH
The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-6143 1 F5 2 Big-ip Advanced Firewall Manager, Big-ip Application Security Manager 2023-12-10 5.8 MEDIUM 5.4 MEDIUM
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.
CVE-2018-12499 1 Motorola 2 Mbp853, Mbp853 Firmware 2023-12-10 5.8 MEDIUM 7.4 HIGH
The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate.
CVE-2018-5464 1 Philips 1 Intellispace Portal 2023-12-10 5.0 MEDIUM 7.5 HIGH
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
CVE-2015-6358 1 Cisco 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
CVE-2017-9598 1 Meafinancial 1 Morton Credit Union Mobile Banking 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-2319 1 Mono-project 1 Mono 2023-12-10 5.0 MEDIUM 7.5 HIGH
The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
CVE-2015-0874 3 Apple, Google, Okb 3 Iphone Os, Android, Smart Passbook 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
CVE-2015-5263 1 Pulpproject 1 Pulp 2023-12-10 6.8 MEDIUM 8.1 HIGH
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
CVE-2017-1000097 1 Golang 1 Go 2023-12-10 5.0 MEDIUM 7.5 HIGH
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
CVE-2015-2981 1 Yodobashi 1 Yodobashi 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9589 1 Meafinancial 1 Scsb Shelbyville Il Mobile Banking 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9578 1 Rivervalleycommunitybank 1 Rvcb Mobile 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-8231 1 Lenovo 1 Lenovo Service Bridge 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
CVE-2015-2674 1 Restkit 1 Restkit 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument.
CVE-2017-9566 1 Meafinancial 1 Fsb Dequeen Mobile Banking 2023-12-10 4.3 MEDIUM 5.9 MEDIUM
The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-5639 1 Dwango 1 Niconico 2023-12-10 5.8 MEDIUM 7.4 HIGH
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.
CVE-2018-0786 1 Microsoft 10 .net Core, .net Framework, Powershell Core and 7 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."