Total
1278 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2025-04-20 | 5.9 Medium |
| Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | ||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 8.1 High |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | ||||
| CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2025-04-20 | N/A |
| Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | ||||
| CVE-2017-9758 | 1 Savitech-ic | 1 Savitech Driver | 2025-04-20 | N/A |
| Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | ||||
| CVE-2017-1000007 | 1 Twistedmatrix | 1 Txaws | 2025-04-20 | N/A |
| txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | ||||
| CVE-2015-4017 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | ||||
| CVE-2016-1252 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2025-04-20 | 5.9 Medium |
| The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | ||||
| CVE-2015-3886 | 1 Libinfinity Project | 1 Libinfinity | 2025-04-20 | N/A |
| libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | ||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2025-04-20 | N/A |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2025-04-20 | N/A |
| Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | ||||
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2025-04-20 | N/A |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | ||||
| CVE-2015-5639 | 1 Dwango | 1 Niconico | 2025-04-20 | N/A |
| niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | ||||
| CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2025-04-20 | N/A |
| OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | ||||
| CVE-2017-5916 | 1 America\'s First Federal Credit Union | 1 America\'s First Fcu Mobile Banking | 2025-04-20 | N/A |
| The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5915 | 1 Emirates Nbd Bank P.j.s.c | 2 Emirates Nbd, Emirates Nbd Ksa | 2025-04-20 | N/A |
| The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-9015 | 1 Python | 1 Urllib3 | 2025-04-20 | N/A |
| Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | ||||
| CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2025-04-20 | N/A |
| The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | ||||
| CVE-2015-4100 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | N/A |
| Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | ||||
| CVE-2017-8939 | 1 Warnerbros | 1 Ellentube | 2025-04-20 | 5.9 Medium |
| The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2025-04-20 | N/A |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | ||||