Total
1192 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 8.1 High |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | ||||
| CVE-2017-1000209 | 1 Nv-websocket-client Project | 1 Nv-websocket-client | 2025-04-20 | N/A |
| The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | ||||
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2025-04-20 | N/A |
| Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | ||||
| CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2025-04-20 | N/A |
| Honda Moto LINC 1.6.1 does not verify SSL certificates. | ||||
| CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2025-04-20 | N/A |
| Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | ||||
| CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2025-04-20 | N/A |
| Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | ||||
| CVE-2015-6358 | 1 Cisco | 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more | 2025-04-20 | N/A |
| Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | ||||
| CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2025-04-20 | N/A |
| Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | ||||
| CVE-2015-5619 | 2 Elastic, Elasticsearch | 2 Logstash, Logstash | 2025-04-20 | N/A |
| Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2025-04-20 | N/A |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | ||||
| CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2025-04-20 | 5.9 Medium |
| The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5912 | 1 Forex | 1 Forextrader | 2025-04-20 | N/A |
| The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5913 | 1 Forex | 1 Tradeking Forex | 2025-04-20 | N/A |
| The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5914 | 1 Dotit-corp | 1 Banque Zitouna | 2025-04-20 | 5.9 Medium |
| The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2025-04-20 | N/A |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2025-04-20 | N/A |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | ||||
| CVE-2017-8939 | 1 Warnerbros | 1 Ellentube | 2025-04-20 | 5.9 Medium |
| The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2025-04-20 | N/A |
| FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | ||||
| CVE-2016-9015 | 1 Python | 1 Urllib3 | 2025-04-20 | N/A |
| Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | ||||
| CVE-2016-4467 | 1 Apache | 1 Qpid Proton | 2025-04-20 | N/A |
| The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | ||||