Total
1215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9568 | 1 Myfpcu | 1 Financial Plus Mobile Banking | 2025-04-20 | N/A |
| The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-5906 | 1 Everyday Health Inc | 1 Diabetes In Check\ | 2025-04-20 | N/A |
| The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9584 | 1 Heritagebankozarks | 1 Hbo Mobile Banking | 2025-04-20 | N/A |
| The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-4832 | 1 Aeon | 1 Waon | 2025-04-20 | N/A |
| WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | ||||
| CVE-2017-5914 | 1 Dotit-corp | 1 Banque Zitouna | 2025-04-20 | 5.9 Medium |
| The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9587 | 1 Meafinancial | 1 Pcsb Bank Mobile | 2025-04-20 | N/A |
| The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2025-04-20 | N/A |
| Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2025-04-20 | N/A |
| The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1198 | 1 Ntt | 1 Photopt | 2025-04-20 | N/A |
| Photopt for Android before 2.0.1 does not verify SSL certificates. | ||||
| CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2025-04-20 | 5.9 Medium |
| Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | ||||
| CVE-2017-5887 | 1 Starscream Project | 1 Starscream | 2025-04-20 | N/A |
| WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | ||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 8.1 High |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | ||||
| CVE-2017-10819 | 1 Intercom | 1 Malion | 2025-04-20 | 5.9 Medium |
| MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | ||||
| CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2025-04-20 | N/A |
| Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | ||||
| CVE-2017-8059 | 1 Foxitsoftware | 1 Foxit Pdf | 2025-04-20 | N/A |
| Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | ||||
| CVE-2017-17718 | 2 Net-ldap Project, Redhat | 3 Net-ldap, Satellite, Satellite Capsule | 2025-04-20 | N/A |
| The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | ||||
| CVE-2017-3190 | 1 Axs | 1 Flash Seats | 2025-04-20 | N/A |
| Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. | ||||
| CVE-2017-9589 | 1 Meafinancial | 1 Scsb Shelbyville Il Mobile Banking | 2025-04-20 | N/A |
| The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-1000256 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2025-04-20 | 8.1 High |
| libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | ||||
| CVE-2017-9573 | 1 Northadamsbank | 1 Nasb Mobile Bank | 2025-04-20 | N/A |
| The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||