Total
1158 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2025-04-20 | 8.1 High |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | ||||
| CVE-2017-9563 | 1 Meafinancial | 1 Fccb | 2025-04-20 | N/A |
| The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2013-7450 | 1 Pulpproject | 1 Pulp | 2025-04-20 | N/A |
| Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | ||||
| CVE-2017-2299 | 1 Puppet | 1 Puppetlabs-apache | 2025-04-20 | N/A |
| Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD. | ||||
| CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2025-04-20 | N/A |
| Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | ||||
| CVE-2017-10819 | 1 Intercom | 1 Malion | 2025-04-20 | 5.9 Medium |
| MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | ||||
| CVE-2017-11132 | 1 Heinekingmedia | 1 Stashcat | 2025-04-20 | 7.5 High |
| An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it. | ||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2025-04-20 | N/A |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | ||||
| CVE-2017-11501 | 1 Nixos Project | 1 Nixos | 2025-04-20 | N/A |
| NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | ||||
| CVE-2017-11770 | 2 Microsoft, Redhat | 2 Aspnetcore, Rhel Dotnet | 2025-04-20 | N/A |
| .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | ||||
| CVE-2017-9566 | 1 Meafinancial | 1 Fsb Dequeen Mobile Banking | 2025-04-20 | N/A |
| The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5918 | 1 Banco De Costa Rica | 1 Bcr Movil | 2025-04-20 | N/A |
| The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9592 | 1 Meafinancial | 1 Your Legacy Federal Credit Union Mobile Banking | 2025-04-20 | N/A |
| The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-12228 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-20 | N/A |
| A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. | ||||
| CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | ||||
| CVE-2017-9580 | 1 Meafinancial | 1 Pioneer Bank \& Trust Mobile Banking | 2025-04-20 | N/A |
| The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2025-04-20 | N/A |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-14419 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2025-04-20 | 5.9 Medium |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | ||||
| CVE-2017-14582 | 1 Zohocorp | 1 Site24x7 Mobile Network Poller | 2025-04-20 | N/A |
| The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | ||||
| CVE-2015-7826 | 1 Botan Project | 1 Botan | 2025-04-20 | N/A |
| botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | ||||