Total
956 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-14420 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-2913 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2023-12-10 | 2.6 LOW | 5.9 MEDIUM |
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
CVE-2017-9597 | 1 Meafinancial | 1 Blue Ridge Bank And Trust Co. Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
CVE-2015-2320 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | |||||
CVE-2017-9600 | 1 Meafinancial | 1 Peoples Bank Tulsa | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9560 | 1 Cayugalakenationalbank | 1 Cayuga Lake National Bank | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | |||||
CVE-2017-9573 | 1 Northadamsbank | 1 Nasb Mobile Bank | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9561 | 1 Lbtc | 1 Lee Bank \& Trust | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9590 | 1 Sbw | 1 State Bank Of Waterloo Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | |||||
CVE-2017-1000415 | 1 Matrixssl | 1 Matrixssl | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years. | |||||
CVE-2017-9564 | 1 Meafinancial | 1 Community Banks Cb2go | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | |||||
CVE-2016-1252 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | |||||
CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
CVE-2017-9596 | 1 Meafinancial | 1 Cfb Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9559 | 1 Meafinancial | 1 Vision Bank | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |