Search
Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5916 | 1 America\'s First Federal Credit Union | 1 America\'s First Fcu Mobile Banking | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5919 | 1 21st Century Insurance | 1 21st Century Insurance | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2017-5907 | 1 Great Southern Bank | 1 Great Southern Mobile Banking | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5906 | 1 Everyday Health Inc | 1 Diabetes In Check\ | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5901 | 1 State Bank Of India | 1 State Bank Anywhere | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3213 | 1 Think Mutual Bank | 1 Think Mutual Bank Mobile Banking App | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2017-05-10 | 4.9 MEDIUM | 4.2 MEDIUM |
| Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||||
| CVE-2017-2110 | 1 Nissan Securities | 1 Access Cx | 2017-05-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2017-04-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2017-04-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4832 | 1 Aeon | 1 Waon | 2017-04-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | |||||
| CVE-2016-4818 | 1 Dmm | 3 Dmmfx Demo Trade, Dmmfx Trade, Gaitamejapan Fx Trade | 2017-04-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | |||||
| CVE-2016-1198 | 1 Ntt | 1 Photopt | 2017-04-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| Photopt for Android before 2.0.1 does not verify SSL certificates. | |||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2017-04-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | |||||
| CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2017-04-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates. | |||||
| CVE-2013-6662 | 1 Google | 1 Chrome | 2017-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| Google Chrome caches TLS sessions before certificate validation occurs. | |||||
| CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2017-04-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | |||||
| CVE-2016-9892 | 1 Eset | 2 Endpoint Antivirus, Endpoint Security | 2017-03-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. | |||||
| CVE-2016-7171 | 1 Netapp | 1 Netapp Plug-in | 2016-12-23 | 6.8 MEDIUM | 5.6 MEDIUM |
| NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | |||||