Total
1039 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1198 | 1 Ntt | 1 Photopt | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Photopt for Android before 2.0.1 does not verify SSL certificates. | |||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||||
| CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | |||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |||||
| CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | |||||
| CVE-2016-11086 | 1 Oauth-ruby Project | 1 Oauth-ruby | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | |||||
| CVE-2016-11076 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL. | |||||
| CVE-2016-10937 | 4 Debian, Fedoraproject, Imapfilter Project and 1 more | 5 Debian Linux, Fedora, Imapfilter and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IMAPFilter through 2.6.12 does not validate the hostname in an SSL certificate. | |||||
| CVE-2016-10931 | 1 Rust-openssl Project | 1 Rust-openssl | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification. | |||||
| CVE-2016-10536 | 1 Socket | 1 Engine.io-client | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the way that node.js handles the `rejectUnauthorized` setting. If the value is something that evaluates to false, certificate verification will be disabled. This is problematic as engine.io-client 1.6.8 and earlier passes in an object for settings that includes the rejectUnauthorized property, whether it has been set or not. If the value has not been explicitly changed, it will be passed in as `null`, resulting in certificate verification being turned off. | |||||
| CVE-2016-10534 | 1 Electron-packager Project | 1 Electron-packager | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack. | |||||
| CVE-2016-10511 | 1 Twitter | 1 Twitter | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | |||||
| CVE-2016-1000033 | 2 Gnome, Redhat | 2 Shotwell, Enterprise Linux | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | |||||
| CVE-2016-1000030 | 2 Pidgin, Suse | 2 Pidgin, Linux Enterprise Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0. | |||||
| CVE-2015-8960 | 7 Apple, Google, Ietf and 4 more | 18 Safari, Chrome, Transport Layer Security and 15 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. | |||||
| CVE-2015-7826 | 1 Botan Project | 1 Botan | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | |||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| GANMA! App for iOS does not verify SSL certificates. | |||||
| CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | |||||
| CVE-2015-6358 | 1 Cisco | 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | |||||