Total
1040 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8941 | 1 Interval International | 1 Interval International | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8940 | 1 Zipongo Inc. | 1 Healthy Recipes And Grocery Deals | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8939 | 1 Warnerbros | 1 Ellentube | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8938 | 1 Radiojavan | 1 Radio Javan | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8936 | 1 Changyou | 1 Dolphin Web Browser | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8935 | 1 Gocivix | 1 Indiana Voters | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8445 | 1 Elastic | 1 X-pack | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | |||||
| CVE-2017-8301 | 1 Openbsd | 1 Libressl | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | |||||
| CVE-2017-8213 | 1 Huawei | 2 Smc2.0, Smc2.0 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. | |||||
| CVE-2017-8060 | 1 Watchguard | 1 Panda Mobile Security | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2017-8059 | 1 Foxitsoftware | 1 Foxit Pdf | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | |||||
| CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | |||||
| CVE-2017-7932 | 1 Nxp | 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more | 2024-11-21 | 4.4 MEDIUM | 6.0 MEDIUM |
| An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image. | |||||
| CVE-2017-7726 | 1 Ismartalarm | 2 Cubeone, Cubeone Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability. | |||||
| CVE-2017-7562 | 2 Mit, Redhat | 5 Kerberos 5, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances. | |||||
| CVE-2017-7513 | 1 Redhat | 1 Satellite | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| It was found that Satellite 5 configured with SSL/TLS for the PostgreSQL backend failed to correctly validate X.509 server certificate host name fields. A man-in-the-middle attacker could use this flaw to spoof a PostgreSQL server using a specially crafted X.509 certificate. | |||||
| CVE-2017-7468 | 1 Haxx | 1 Libcurl | 2024-11-21 | 5.0 MEDIUM | 4.8 MEDIUM |
| In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range. | |||||
| CVE-2017-7429 | 2 Microfocus, Netiq | 2 Edirectory, Edirectory | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server. | |||||