Vulnerabilities (CVE)

Filtered by CWE-295
Total 1133 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5907 1 Great Southern Bank 1 Great Southern Mobile Banking 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-3563 1 Oracle 1 Vm Virtualbox 2025-04-20 4.6 MEDIUM 8.8 HIGH
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2015-4100 1 Puppet 1 Puppet Enterprise 2025-04-20 4.9 MEDIUM 6.8 MEDIUM
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
CVE-2017-11770 1 Microsoft 1 Aspnetcore 2025-04-20 5.0 MEDIUM 7.5 HIGH
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
CVE-2017-9564 1 Meafinancial 1 Community Banks Cb2go 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-4680 2 Freeradius, Suse 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit 2025-04-20 5.0 MEDIUM 7.5 HIGH
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2017-8943 1 Puma 1 Pumatrac 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2784 1 Arm 1 Mbed Tls 2025-04-20 6.8 MEDIUM 8.1 HIGH
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
CVE-2017-9601 1 Fnbkemp 1 Fnb Kemp Mobile Banking 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8058 1 Atlassian 1 Hipchat 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2016-5648 1 Acer 1 Acer Portal 2025-04-20 4.3 MEDIUM 5.3 MEDIUM
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
CVE-2017-9583 1 Meafinancial 1 Charlevoix State Bank 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9558 1 Wawacu 1 Wawa Employees Credit Union Mobile 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9593 1 Meafinancial 1 Oculina Mobile Banking 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1148 1 Photosynth 1 Akerun 2025-04-20 4.3 MEDIUM 8.1 HIGH
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
CVE-2017-11506 1 Tenable 1 Nessus 2025-04-20 5.8 MEDIUM 7.4 HIGH
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
CVE-2017-9574 1 Meafinancial 1 Kc Area Credit Union Mobile Banking 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-9892 1 Eset 2 Endpoint Antivirus, Endpoint Security 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.
CVE-2025-26478 2025-04-17 N/A 3.1 LOW
Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2022-32531 1 Apache 1 Bookkeeper 2025-04-17 N/A 5.9 MEDIUM
The Apache Bookkeeper Java Client (before 4.14.6 and also 4.15.0) does not close the connection to the bookkeeper server when TLS hostname verification fails. This leaves the bookkeeper client vulnerable to a man in the middle attack. The problem affects BookKeeper client prior to versions 4.14.6 and 4.15.1.