Total
1156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7932 | 1 Nxp | 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more | 2025-04-20 | 4.4 MEDIUM | 6.0 MEDIUM |
| An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image. | |||||
| CVE-2017-9577 | 1 Fcbl | 1 First Citizens Bank-mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2025-04-20 | 4.0 MEDIUM | 7.4 HIGH |
| Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||||
| CVE-2017-11501 | 1 Nixos Project | 1 Nixos | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf. | |||||
| CVE-2017-5653 | 1 Apache | 1 Cxf | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | |||||
| CVE-2017-9575 | 1 Meafinancial | 1 Fvb Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9593 | 1 Meafinancial | 1 Oculina Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-2402 | 1 Squareup | 2 Okhttp, Okhttp3 | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | |||||
| CVE-2016-4830 | 1 Akindo-sushiro | 1 Sushiro | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates. | |||||
| CVE-2017-9583 | 1 Meafinancial | 1 Charlevoix State Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9589 | 1 Meafinancial | 1 Scsb Shelbyville Il Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9590 | 1 Sbw | 1 State Bank Of Waterloo Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9758 | 1 Savitech-ic | 1 Savitech Driver | 2025-04-20 | 5.8 MEDIUM | 7.4 HIGH |
| Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | |||||
| CVE-2017-14419 | 2 D-link, Dlink | 2 Dir-850l Firmware, Dir-850l | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established. | |||||
| CVE-2017-9565 | 1 Meafinancial | 1 First Security Bank Sleepy Eye Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4467 | 1 Apache | 1 Qpid Proton | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
| CVE-2016-1198 | 1 Ntt | 1 Photopt | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| Photopt for Android before 2.0.1 does not verify SSL certificates. | |||||
| CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | |||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| GANMA! App for iOS does not verify SSL certificates. | |||||