Total: 1039 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates, which could allow remote attackers to perform man-in-the-middle attacks. | |||||
CVE-2015-2320 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | |||||
CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | |||||
CVE-2017-9758 | 1 Savitech-ic | 1 Savitech Driver | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | |||||
CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | |||||
CVE-2017-1000209 | 1 Nv-websocket-client Project | 1 Nv-websocket-client | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate. | |||||
CVE-2015-5639 | 1 Dwango | 1 Niconico | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
niconico App for iOS before 6.38 does not verify SSL certificates, which could allow remote attackers to execute man-in-the-middle attacks. | |||||
CVE-2015-6358 | 1 Cisco | 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | |||||
CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | |||||
CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | |||||
CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | |||||
CVE-2017-12228 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171. | |||||
CVE-2017-6594 | 2 Heimdal Project, Opensuse | 2 Heimdal, Leap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | |||||
CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
Juniper Networks Junos OS on SRX series devices does not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | |||||
CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
CVE-2018-5258 | 1 Banconeon | 1 Neon | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Neon app 1.6.14 for iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2981 | 1 Yodobashi | 1 Yodobashi | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2024-02-28 | 4.0 MEDIUM | 7.4 HIGH |
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates, which might allow remote attackers to execute man-in-the-middle attacks. | |||||
CVE-2016-10511 | 1 Twitter | 1 Twitter | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. |