Total
1198 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2025-04-20 | N/A |
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | ||||
CVE-2017-6594 | 2 Heimdal Project, Opensuse | 2 Heimdal, Leap | 2025-04-20 | 7.5 High |
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | ||||
CVE-2017-9598 | 1 Meafinancial | 1 Morton Credit Union Mobile Banking | 2025-04-20 | N/A |
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2017-9591 | 1 Mypcb | 1 Pcb Mobile | 2025-04-20 | 5.9 Medium |
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | N/A |
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | ||||
CVE-2017-9595 | 1 Fsbbigfork | 1 First State Bank Of Bigfork Mobile Banking | 2025-04-20 | N/A |
The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2017-8940 | 1 Zipongo Inc. | 1 Healthy Recipes And Grocery Deals | 2025-04-20 | N/A |
The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2017-2913 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2025-04-20 | 5.9 Medium |
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | ||||
CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2025-04-20 | N/A |
Honda Moto LINC 1.6.1 does not verify SSL certificates. | ||||
CVE-2017-3190 | 1 Axs | 1 Flash Seats | 2025-04-20 | N/A |
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||||
CVE-2017-3194 | 1 Pandora | 1 Pandora | 2025-04-20 | N/A |
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||||
CVE-2017-3213 | 1 Think Mutual Bank | 1 Think Mutual Bank Mobile Banking App | 2025-04-20 | N/A |
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2017-3218 | 1 Samsung | 1 Magician | 2025-04-20 | N/A |
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | ||||
CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2025-04-20 | 5.9 Medium |
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | ||||
CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 8.1 High |
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | ||||
CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2025-04-20 | N/A |
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | ||||
CVE-2017-15114 | 1 Redhat | 1 Openstack Platform | 2025-04-20 | N/A |
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | ||||
CVE-2017-5902 | 1 Payquicker | 1 Mypayquicker | 2025-04-20 | 5.9 Medium |
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2017-8938 | 1 Radiojavan | 1 Radio Javan | 2025-04-20 | 5.9 Medium |
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2017-8935 | 1 Gocivix | 1 Indiana Voters | 2025-04-20 | 5.9 Medium |
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |