Total: 1189 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2498 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |||||
| CVE-2017-9565 | 1 Meafinancial | 1 First Security Bank Sleepy Eye Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-1000007 | 1 Twistedmatrix | 1 Txaws | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| txAWS (all current versions) fails to perform complete certificate verification, resulting in vulnerability to MitM attacks and information disclosure. | |||||
| CVE-2015-5619 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| DMM Movie Player App for Android before 1.2.1 and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. | |||||
| CVE-2017-9591 | 1 Mypcb | 1 Pcb Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3213 | 1 Think Mutual Bank | 1 Think Mutual Bank Mobile Banking App | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9586 | 1 Meafinancial | 1 Fsby Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2025-04-20 | 4.0 MEDIUM | 7.4 HIGH |
| Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2017-9595 | 1 Fsbbigfork | 1 First State Bank Of Bigfork Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3190 | 1 Axs | 1 Flash Seats | 2025-04-20 | 2.9 LOW | 7.5 HIGH |
| Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | |||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | |||||
| CVE-2016-3083 | 1 Apache | 1 Hive | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through. | |||||
| CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |||||
| CVE-2017-9578 | 1 Rivervalleycommunitybank | 1 Rvcb Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9561 | 1 Lbtc | 1 Lee Bank & Trust | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-2402 | 1 Squareup | 2 Okhttp, Okhttp3 | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | |||||
| CVE-2017-8213 | 1 Huawei | 2 Smc2.0, Smc2.0 Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handling a TLS or DTLS handshake with a certificate. Due to insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. | |||||
| CVE-2016-1198 | 1 Ntt | 1 Photopt | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Photopt for Android before 2.0.1 does not verify SSL certificates. | |||||
