Total
1005 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5912 | 1 Forex | 1 Forextrader | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8060 | 1 Watchguard | 1 Panda Mobile Security | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
CVE-2017-3563 | 1 Oracle | 1 Vm Virtualbox | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2017-5901 | 1 State Bank Of India | 1 State Bank Anywhere | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||||
CVE-2017-8301 | 1 Openbsd | 1 Libressl | 2024-02-28 | 2.6 LOW | 5.3 MEDIUM |
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx. | |||||
CVE-2017-8940 | 1 Zipongo Inc. | 1 Healthy Recipes And Grocery Deals | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | |||||
CVE-2017-5653 | 1 Apache | 1 Cxf | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | |||||
CVE-2016-4832 | 1 Aeon | 1 Waon | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||||
CVE-2017-5887 | 1 Starscream Project | 1 Starscream | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | |||||
CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | |||||
CVE-2017-8939 | 1 Warnerbros | 1 Ellentube | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-8935 | 1 Gocivix | 1 Indiana Voters | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |||||
CVE-2017-8059 | 1 Foxitsoftware | 1 Foxit Pdf | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | |||||
CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||||
CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2024-02-28 | 4.9 MEDIUM | 4.2 MEDIUM |
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||||
CVE-2013-7450 | 1 Pulpproject | 1 Pulp | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations. | |||||
CVE-2017-5919 | 1 21st Century Insurance | 1 21st Century Insurance | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |