Total
1158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9015 | 1 Python | 1 Urllib3 | 2025-04-20 | 2.6 LOW | 3.7 LOW |
| Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | |||||
| CVE-2017-3212 | 1 Sccu | 1 Space Coast Credit Union | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9596 | 1 Meafinancial | 1 Cfb Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. | |||||
| CVE-2017-0129 | 1 Microsoft | 1 Lync For Mac | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | |||||
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | |||||
| CVE-2017-1000097 | 1 Golang | 1 Go | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. | |||||
| CVE-2017-8941 | 1 Interval International | 1 Interval International | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| GANMA! App for iOS does not verify SSL certificates. | |||||
| CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||
| CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
| CVE-2017-9597 | 1 Meafinancial | 1 Blue Ridge Bank And Trust Co. Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9563 | 1 Meafinancial | 1 Fccb | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5906 | 1 Everyday Health Inc | 1 Diabetes In Check\ | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9566 | 1 Meafinancial | 1 Fsb Dequeen Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-6594 | 2 Heimdal Project, Opensuse | 2 Heimdal, Leap | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | |||||
| CVE-2017-10819 | 1 Intercom | 1 Malion | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | |||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-2800 | 1 Wolfssl | 1 Wolfssl | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. | |||||