Total
959 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||||
CVE-2017-14419 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | |||||
CVE-2017-9581 | 1 Meafinancial | 1 Algonquin State Bank Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-4017 | 1 Saltstack | 1 Salt | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | |||||
CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||
CVE-2017-9562 | 1 Meafinancial | 1 Freedom 1st Credit Union Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
CVE-2017-9593 | 1 Meafinancial | 1 Oculina Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2018-5258 | 1 Banconeon | 1 Neon | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9588 | 1 Meafinancial | 1 Oritani Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9594 | 1 Meafinancial | 1 Svb Mobile | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9558 | 1 Wawacu | 1 Wawa Employees Credit Union Mobile | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
GANMA! App for iOS does not verify SSL certificates. | |||||
CVE-2014-3607 | 1 Ldaptive | 2 Ldaptive, Vt-ldap | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
CVE-2017-9570 | 1 Meafinancial | 1 Mount Vernon Bank \& Trust Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9569 | 1 Citizensbanktx | 1 Cbtx On The Go | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-11770 | 1 Microsoft | 1 Aspnetcore | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | |||||
CVE-2017-9579 | 1 Meafinancial | 1 Jmcu Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |