Total
1005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-9574 | 1 Meafinancial | 1 Kc Area Credit Union Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9575 | 1 Meafinancial | 1 Fvb Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9573 | 1 Northadamsbank | 1 Nasb Mobile Bank | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | |||||
CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||
CVE-2017-12228 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. | |||||
CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||||
CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-6594 | 2 Heimdal Project, Opensuse | 2 Heimdal, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | |||||
CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | |||||
CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
CVE-2018-5258 | 1 Banconeon | 1 Neon | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9572 | 1 Athensstatebank | 1 Athens State Bank Mobile | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9579 | 1 Meafinancial | 1 Jmcu Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9562 | 1 Meafinancial | 1 Freedom 1st Credit Union Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-9596 | 1 Meafinancial | 1 Cfb Mobile Banking | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | |||||
CVE-2015-2981 | 1 Yodobashi | 1 Yodobashi | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2024-02-28 | 4.0 MEDIUM | 7.4 HIGH |
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||||
CVE-2016-10511 | 1 Twitter | 1 Twitter | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. |