Total
960 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | |||||
CVE-2016-1198 | 1 Ntt | 1 Photopt | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Photopt for Android before 2.0.1 does not verify SSL certificates. | |||||
CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | |||||
CVE-2016-9892 | 1 Eset | 2 Endpoint Antivirus, Endpoint Security | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. | |||||
CVE-2016-1519 | 1 Grandstream | 1 Wave | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | |||||
CVE-2017-5909 | 1 Electronic Funds Source Llc | 1 Efs Mobile Driver Source | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5902 | 1 Payquicker | 1 Mypayquicker | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8060 | 1 Watchguard | 1 Panda Mobile Security | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
CVE-2017-8943 | 1 Puma | 1 Pumatrac | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5918 | 1 Banco De Costa Rica | 1 Bcr Movil | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-4830 | 1 Akindo-sushiro | 1 Sushiro | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | |||||
CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | |||||
CVE-2017-8938 | 1 Radiojavan | 1 Radio Javan | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||||
CVE-2016-5016 | 1 Pivotal Software | 4 Cloud Foundry, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa and 1 more | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired. | |||||
CVE-2017-3563 | 1 Oracle | 1 Vm Virtualbox | 2023-12-10 | 4.6 MEDIUM | 8.8 HIGH |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2017-8940 | 1 Zipongo Inc. | 1 Healthy Recipes And Grocery Deals | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | |||||
CVE-2017-2387 | 1 Apple | 1 Apple Music | 2023-12-10 | 2.9 LOW | 4.8 MEDIUM |
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2013-6662 | 1 Google | 1 Chrome | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Google Chrome caches TLS sessions before certificate validation occurs. |