Total
1215 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9571 | 1 Ccbank | 1 Ccb Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5915 | 1 Emirates Nbd Bank P.j.s.c | 2 Emirates Nbd, Emirates Nbd Ksa | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9560 | 1 Cayugalakenationalbank | 1 Cayuga Lake National Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2025-04-20 | 6.8 MEDIUM | 8.1 HIGH |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |||||
| CVE-2017-5911 | 1 Banco Santander Mexico Sa | 1 Supermovil | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-11132 | 1 Heinekingmedia | 1 Stashcat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it. | |||||
| CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | |||||
| CVE-2017-9569 | 1 Citizensbanktx | 1 Cbtx On The Go | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8943 | 1 Puma | 1 Pumatrac | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8060 | 1 Watchguard | 1 Panda Mobile Security | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | |||||
| CVE-2017-11501 | 1 Nixos Project | 1 Nixos | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | |||||
| CVE-2015-5639 | 1 Dwango | 1 Niconico | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2017-5918 | 1 Banco De Costa Rica | 1 Bcr Movil | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5919 | 1 21st Century Insurance | 1 21st Century Insurance | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4680 | 2 Freeradius, Suse | 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||||
| CVE-2017-5916 | 1 America\'s First Federal Credit Union | 1 America\'s First Fcu Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | |||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | |||||
| CVE-2017-9562 | 1 Meafinancial | 1 Freedom 1st Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||