Total
1215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2025-04-20 | N/A |
| Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | ||||
| CVE-2016-3083 | 1 Apache | 1 Hive | 2025-04-20 | N/A |
| Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through. | ||||
| CVE-2017-9566 | 1 Meafinancial | 1 Fsb Dequeen Mobile Banking | 2025-04-20 | N/A |
| The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9594 | 1 Meafinancial | 1 Svb Mobile | 2025-04-20 | N/A |
| The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-8445 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | ||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | N/A |
| GANMA! App for iOS does not verify SSL certificates. | ||||
| CVE-2017-5912 | 1 Forex | 1 Forextrader | 2025-04-20 | N/A |
| The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | ||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | N/A |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | ||||
| CVE-2017-2387 | 1 Apple | 1 Apple Music | 2025-04-20 | N/A |
| The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5914 | 1 Dotit-corp | 1 Banque Zitouna | 2025-04-20 | 5.9 Medium |
| The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-2402 | 1 Squareup | 2 Okhttp, Okhttp3 | 2025-04-20 | 5.9 Medium |
| OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | ||||
| CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2025-04-20 | N/A |
| WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | ||||
| CVE-2017-8943 | 1 Puma | 1 Pumatrac | 2025-04-20 | 5.9 Medium |
| The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5911 | 1 Banco Santander Mexico Sa | 1 Supermovil | 2025-04-20 | N/A |
| The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-8936 | 1 Changyou | 1 Dolphin Web Browser | 2025-04-20 | 5.9 Medium |
| The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9569 | 1 Citizensbanktx | 1 Cbtx On The Go | 2025-04-20 | N/A |
| The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-3190 | 1 Axs | 1 Flash Seats | 2025-04-20 | N/A |
| Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2025-04-20 | N/A |
| Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2025-04-20 | N/A |
| The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||