Total
959 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | |||||
CVE-2017-9576 | 1 Mononabank | 1 Middleton Community Bank Mobile | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9587 | 1 Meafinancial | 1 Pcsb Bank Mobile | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-17718 | 1 Net-ldap Project | 1 Net-ldap | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | |||||
CVE-2016-10511 | 1 Twitter | 1 Twitter | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | |||||
CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||||
CVE-2017-1000209 | 1 Nv-websocket-client Project | 1 Nv-websocket-client | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | |||||
CVE-2017-9574 | 1 Meafinancial | 1 Kc Area Credit Union Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9582 | 1 Bradynationalbank | 1 Bnb Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9571 | 1 Ccbank | 1 Ccb Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | |||||
CVE-2017-8301 | 1 Openbsd | 1 Libressl | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | |||||
CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5907 | 1 Great Southern Bank | 1 Great Southern Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-3213 | 1 Think Mutual Bank | 1 Think Mutual Bank Mobile Banking App | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8939 | 1 Warnerbros | 1 Ellentube | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-4840 | 1 Toshiba | 1 Coordinate Plus | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates. | |||||
CVE-2017-8059 | 1 Foxitsoftware | 1 Foxit Pdf | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | |||||
CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | |||||
CVE-2017-5913 | 1 Forex | 1 Tradeking Forex | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |