Total
955 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | |||||
| CVE-2017-9566 | 1 Meafinancial | 1 Fsb Dequeen Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5639 | 1 Dwango | 1 Niconico | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2018-0786 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | |||||
| CVE-2017-9585 | 1 Csb-lamar | 1 Community State Bank-lamar | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. | |||||
| CVE-2017-2299 | 1 Puppet | 1 Puppetlabs-apache | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | |||||
| CVE-2017-2800 | 1 Wolfssl | 1 Wolfssl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. | |||||
| CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | |||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2017-7080 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate. | |||||
| CVE-2017-8213 | 1 Huawei | 2 Smc2.0, Smc2.0 Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. | |||||
| CVE-2017-6144 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2023-12-10 | 5.8 MEDIUM | 7.4 HIGH |
| In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected. | |||||
| CVE-2017-9565 | 1 Meafinancial | 1 First Security Bank Sleepy Eye Mobile | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9568 | 1 Myfpcu | 1 Financial Plus Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9583 | 1 Meafinancial | 1 Charlevoix State Bank | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9575 | 1 Meafinancial | 1 Fvb Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7242 | 1 Ms-ins | 2 Sumaho, Sumaho Driving Capability Diagnosis | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates. | |||||
| CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2023-12-10 | 4.0 MEDIUM | 7.4 HIGH |
| Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2017-10819 | 1 Intercom | 1 Malion | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | |||||