Total
1125 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5639 | 1 Dwango | 1 Niconico | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2017-9592 | 1 Meafinancial | 1 Your Legacy Federal Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1252 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | |||||
| CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-4981 | 1 Dell | 1 Bsafe Cert-c | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. | |||||
| CVE-2017-14420 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9581 | 1 Meafinancial | 1 Algonquin State Bank Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9559 | 1 Meafinancial | 1 Vision Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8301 | 1 Openbsd | 1 Libressl | 2025-04-20 | 2.6 LOW | 5.3 MEDIUM |
| LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-6144 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected. | |||||
| CVE-2017-9599 | 1 Fountaintrust | 1 Fountain Trust Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | |||||
| CVE-2017-7322 | 1 Modx | 1 Modx Revolution | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | |||||
| CVE-2017-2299 | 1 Puppet | 1 Puppetlabs-apache | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | |||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | |||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | |||||
| CVE-2017-2387 | 1 Apple | 1 Apple Music | 2025-04-20 | 2.9 LOW | 4.8 MEDIUM |
| The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9567 | 1 Meafinancial | 1 Avb Bank Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||