Filtered by CWE-295
Total 1198 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-2330 1 Webkitgtk 1 Webkitgtk 2025-04-20 N/A
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
CVE-2017-6594 2 Heimdal Project, Opensuse 2 Heimdal, Leap 2025-04-20 7.5 High
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2017-9598 1 Meafinancial 1 Morton Credit Union Mobile Banking 2025-04-20 N/A
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9591 1 Mypcb 1 Pcb Mobile 2025-04-20 5.9 Medium
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1186 1 Cybozu 1 Kintone 2025-04-20 N/A
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
CVE-2017-9595 1 Fsbbigfork 1 First State Bank Of Bigfork Mobile Banking 2025-04-20 N/A
The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8940 1 Zipongo Inc. 1 Healthy Recipes And Grocery Deals 2025-04-20 N/A
The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2913 1 Meetcircle 2 Circle With Disney, Circle With Disney Firmware 2025-04-20 5.9 Medium
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.
CVE-2015-2943 1 Honda 1 Moto Linc 2025-04-20 N/A
Honda Moto LINC 1.6.1 does not verify SSL certificates.
CVE-2017-3190 1 Axs 1 Flash Seats 2025-04-20 N/A
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2017-3194 1 Pandora 1 Pandora 2025-04-20 N/A
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2017-3213 1 Think Mutual Bank 1 Think Mutual Bank Mobile Banking App 2025-04-20 N/A
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-3218 1 Samsung 1 Magician 2025-04-20 N/A
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
CVE-2016-1184 1 Tokyostarbank 1 Tokyo Star Bank 2025-04-20 5.9 Medium
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
CVE-2016-1148 1 Photosynth 1 Akerun 2025-04-20 8.1 High
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
CVE-2016-1132 1 Docomo 1 Shoplat 2025-04-20 N/A
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
CVE-2017-15114 1 Redhat 1 Openstack Platform 2025-04-20 N/A
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
CVE-2017-5902 1 Payquicker 1 Mypayquicker 2025-04-20 5.9 Medium
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8938 1 Radiojavan 1 Radio Javan 2025-04-20 5.9 Medium
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8935 1 Gocivix 1 Indiana Voters 2025-04-20 5.9 Medium
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.