Total
1192 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4017 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | ||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2025-04-20 | N/A |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9596 | 1 Meafinancial | 1 Cfb Mobile Banking | 2025-04-20 | N/A |
| The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-7662 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Security" component, which allows remote attackers to spoof certificates via unspecified vectors. | ||||
| CVE-2017-9588 | 1 Meafinancial | 1 Oritani Mobile Banking | 2025-04-20 | N/A |
| The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-2387 | 1 Apple | 1 Apple Music | 2025-04-20 | N/A |
| The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-7406 | 1 Dlink | 1 Dir-615 | 2025-04-20 | 9.8 Critical |
| The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of the authenticated pages. Also, it doesn't allow the user to generate his own SSL Certificate. An attacker can simply monitor network traffic to steal a user's credentials and/or credentials of users being added while sniffing the traffic. | ||||
| CVE-2017-9580 | 1 Meafinancial | 1 Pioneer Bank \& Trust Mobile Banking | 2025-04-20 | N/A |
| The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2025-04-20 | N/A |
| Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | ||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2025-04-20 | N/A |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | ||||
| CVE-2017-9572 | 1 Athensstatebank | 1 Athens State Bank Mobile | 2025-04-20 | N/A |
| The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-9892 | 1 Eset | 2 Endpoint Antivirus, Endpoint Security | 2025-04-20 | N/A |
| The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. | ||||
| CVE-2017-5905 | 1 Dollar Bank | 1 Dollar Bank Mobile | 2025-04-20 | 5.9 Medium |
| The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2025-04-20 | N/A |
| DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | ||||
| CVE-2017-9570 | 1 Meafinancial | 1 Mount Vernon Bank \& Trust Mobile Banking | 2025-04-20 | N/A |
| The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9564 | 1 Meafinancial | 1 Community Banks Cb2go | 2025-04-20 | N/A |
| The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7242 | 1 Ms-ins | 2 Sumaho, Sumaho Driving Capability Diagnosis | 2025-04-20 | N/A |
| The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates. | ||||
| CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | N/A |
| There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | ||||
| CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2025-04-20 | 7.5 High |
| iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | ||||
| CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2025-04-20 | N/A |
| The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||