Total: 1005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9586 | 1 Meafinancial | 1 Fsby Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8445 | 1 Elastic | 1 X-pack | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails, the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | |||||
CVE-2017-9588 | 1 Meafinancial | 1 Oritani Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-2913 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-02-28 | 2.6 LOW | 5.9 MEDIUM |
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. | |||||
CVE-2017-11501 | 1 Nixos Project | 1 Nixos | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | |||||
CVE-2017-9580 | 1 Meafinancial | 1 Pioneer Bank & Trust Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier, do not verify SSL certificates. | |||||
CVE-2017-9577 | 1 Fcbl | 1 First Citizens Bank-mobile | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-4100 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability." | |||||
CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | |||||
CVE-2017-9568 | 1 Myfpcu | 1 Financial Plus Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-2800 | 1 Wolfssl | 1 Wolfssl | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library. | |||||
CVE-2017-9600 | 1 Meafinancial | 1 Peoples Bank Tulsa | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9601 | 1 Fnbkemp | 1 Fnb Kemp Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9576 | 1 Mononabank | 1 Middleton Community Bank Mobile | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-15528 | 1 Norton | 1 Install Norton Security | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target. | |||||
CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||||
CVE-2018-0786 | 1 Microsoft | 10 .net Core, .net Framework, Powershell Core and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability." | |||||
CVE-2017-9592 | 1 Meafinancial | 1 Your Legacy Federal Credit Union Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-11364 | 1 Joomla | 1 Joomla! | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. |