Total
959 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5912 | 1 Forex | 1 Forextrader | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-9015 | 1 Python | 1 Urllib3 | 2023-12-10 | 2.6 LOW | 3.7 LOW |
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | |||||
CVE-2017-5919 | 1 21st Century Insurance | 1 21st Century Insurance | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-7171 | 1 Netapp | 1 Netapp Plug-in | 2023-12-10 | 6.8 MEDIUM | 5.6 MEDIUM |
NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | |||||
CVE-2017-5653 | 1 Apache | 1 Cxf | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | |||||
CVE-2017-3212 | 1 Sccu | 1 Space Coast Credit Union | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5914 | 1 Dotit-corp | 1 Banque Zitouna | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-4832 | 1 Aeon | 1 Waon | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||||
CVE-2017-7322 | 1 Modx | 1 Modx Revolution | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | |||||
CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||||
CVE-2017-8942 | 1 Yottamark Inc. | 1 Shopwell - Healthy Diet \& Grocery Food Scanner | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8936 | 1 Changyou | 1 Dolphin Web Browser | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5911 | 1 Banco Santander Mexico Sa | 1 Supermovil | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-5916 | 1 America\'s First Federal Credit Union | 1 America\'s First Fcu Mobile Banking | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||||
CVE-2015-8960 | 7 Apple, Google, Ietf and 4 more | 18 Safari, Chrome, Transport Layer Security and 15 more | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. |