Total
1042 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2017-10-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2017-10-05 | 6.8 MEDIUM | 8.1 HIGH |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |||||
| CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2017-10-05 | 4.3 MEDIUM | 5.9 MEDIUM |
| The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | |||||
| CVE-2016-10511 | 1 Twitter | 1 Twitter | 2017-10-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | |||||
| CVE-2017-7971 | 1 Schneider-electric | 3 Citect Anywhere, Powerscada Anywhere, Powerscada Expert | 2017-09-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate. | |||||
| CVE-2015-2943 | 1 Honda | 1 Moto Linc | 2017-09-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| Honda Moto LINC 1.6.1 does not verify SSL certificates. | |||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2017-08-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | |||||
| CVE-2017-11506 | 1 Tenable | 1 Nessus | 2017-08-24 | 5.8 MEDIUM | 7.4 HIGH |
| When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks. | |||||
| CVE-2015-2674 | 1 Restkit | 1 Restkit | 2017-08-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. | |||||
| CVE-2017-2278 | 3 Apple, Google, Iid | 3 Iphone Os, Android, Rbb Speed Test | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-11364 | 1 Joomla | 1 Joomla\! | 2017-08-04 | 6.5 MEDIUM | 8.8 HIGH |
| The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs. | |||||
| CVE-2017-1000007 | 1 Twistedmatrix | 1 Txaws | 2017-08-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | |||||
| CVE-2015-0904 | 1 Shidax | 1 Restaurant Karaoke | 2017-07-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack. | |||||
| CVE-2015-3886 | 1 Libinfinity Project | 1 Libinfinity | 2017-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2017-0129 | 1 Microsoft | 1 Lync For Mac | 2017-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | |||||
| CVE-2017-6988 | 1 Apple | 1 Mac Os X | 2017-07-08 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes. | |||||
| CVE-2017-2498 | 1 Apple | 1 Iphone Os | 2017-07-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate. | |||||
| CVE-2015-2330 | 1 Webkitgtk | 1 Webkitgtk | 2017-07-01 | 5.0 MEDIUM | 7.5 HIGH |
| Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2017-06-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2017-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||