Total
1133 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5907 | 1 Great Southern Bank | 1 Great Southern Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-3563 | 1 Oracle | 1 Vm Virtualbox | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2015-4100 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 4.9 MEDIUM | 6.8 MEDIUM |
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | |||||
CVE-2017-11770 | 1 Microsoft | 1 Aspnetcore | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | |||||
CVE-2017-9564 | 1 Meafinancial | 1 Community Banks Cb2go | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
CVE-2017-8943 | 1 Puma | 1 Pumatrac | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-2784 | 1 Arm | 1 Mbed Tls | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | |||||
CVE-2017-9601 | 1 Fnbkemp | 1 Fnb Kemp Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2025-04-20 | 4.3 MEDIUM | 5.3 MEDIUM |
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||||
CVE-2017-9583 | 1 Meafinancial | 1 Charlevoix State Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9558 | 1 Wawacu | 1 Wawa Employees Credit Union Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9593 | 1 Meafinancial | 1 Oculina Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 4.3 MEDIUM | 8.1 HIGH |
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||||
CVE-2017-11506 | 1 Tenable | 1 Nessus | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. | |||||
CVE-2017-9574 | 1 Meafinancial | 1 Kc Area Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-9892 | 1 Eset | 2 Endpoint Antivirus, Endpoint Security | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. | |||||
CVE-2025-26478 | 2025-04-17 | N/A | 3.1 LOW | ||
Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. | |||||
CVE-2022-32531 | 1 Apache | 1 Bookkeeper | 2025-04-17 | N/A | 5.9 MEDIUM |
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1. |