Total
976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2017-08-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
| CVE-2017-11506 | 1 Tenable | 1 Nessus | 2017-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. | |||||
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2017-08-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | |||||
| CVE-2017-1000007 | 1 Twistedmatrix | 1 Txaws | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | |||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2017-07-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2015-3886 | 1 Libinfinity Project | 1 Libinfinity | 2017-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2017-0129 | 1 Microsoft | 1 Lync For Mac | 2017-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | |||||
| CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2017-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | |||||
| CVE-2017-2498 | 1 Apple | 1 Iphone Os | 2017-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |||||
| CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2017-06-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2017-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2017-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | |||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2017-05-10 | 4.9 MEDIUM | 4.2 MEDIUM |
| Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||||
| CVE-2017-2110 | 1 Nissan Securities | 1 Access Cx | 2017-05-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2017-04-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2017-04-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4832 | 1 Aeon | 1 Waon | 2017-04-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||||