Total
959 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8935 | 1 Gocivix | 1 Indiana Voters | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2023-12-10 | 4.3 MEDIUM | 8.1 HIGH |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||||
| CVE-2015-7826 | 1 Botan Project | 1 Botan | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | |||||
| CVE-2016-4467 | 1 Apache | 1 Qpid Proton | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2017-5901 | 1 State Bank Of India | 1 State Bank Anywhere | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-0248 | 1 Microsoft | 1 .net Framework | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability." | |||||
| CVE-2013-7450 | 1 Pulpproject | 1 Pulp | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | |||||
| CVE-2017-2110 | 1 Nissan Securities | 1 Access Cx | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2023-12-10 | 4.9 MEDIUM | 4.2 MEDIUM |
| Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||||
| CVE-2017-8941 | 1 Interval International | 1 Interval International | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5887 | 1 Starscream Project | 1 Starscream | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | |||||
| CVE-2017-5915 | 1 Emirates Nbd Bank P.j.s.c | 2 Emirates Nbd, Emirates Nbd Ksa | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-2784 | 1 Arm | 1 Mbed Tls | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
| An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | |||||
| CVE-2016-2402 | 1 Squareup | 2 Okhttp, Okhttp3 | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | |||||
| CVE-2017-2498 | 1 Apple | 1 Iphone Os | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |||||
| CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |||||
| CVE-2017-0129 | 1 Microsoft | 1 Lync For Mac | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | |||||
| CVE-2017-5906 | 1 Everyday Health Inc | 1 Diabetes In Check\ | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4818 | 1 Dmm | 3 Dmmfx Demo Trade, Dmmfx Trade, Gaitamejapan Fx Trade | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | |||||
| CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | |||||