Total
1102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |||||
| CVE-2017-5901 | 1 State Bank Of India | 1 State Bank Anywhere | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9570 | 1 Meafinancial | 1 Mount Vernon Bank \& Trust Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | |||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2017-9575 | 1 Meafinancial | 1 Fvb Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9562 | 1 Meafinancial | 1 Freedom 1st Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-11132 | 1 Heinekingmedia | 1 Stashcat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it. | |||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||||
| CVE-2017-9590 | 1 Sbw | 1 State Bank Of Waterloo Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8935 | 1 Gocivix | 1 Indiana Voters | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5911 | 1 Banco Santander Mexico Sa | 1 Supermovil | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8936 | 1 Changyou | 1 Dolphin Web Browser | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-2498 | 1 Apple | 1 Iphone Os | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |||||
| CVE-2017-9565 | 1 Meafinancial | 1 First Security Bank Sleepy Eye Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-1000007 | 1 Twistedmatrix | 1 Txaws | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | |||||
| CVE-2015-5619 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | |||||
| CVE-2017-9591 | 1 Mypcb | 1 Pcb Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||