Total
1351 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-6594 | 2 Heimdal Project, Opensuse | 2 Heimdal, Leap | 2025-04-20 | 7.5 High |
| The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets. | ||||
| CVE-2017-9560 | 1 Cayugalakenationalbank | 1 Cayuga Lake National Bank | 2025-04-20 | N/A |
| The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-0129 | 1 Microsoft | 1 Lync For Mac | 2025-04-20 | N/A |
| Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability." | ||||
| CVE-2017-5653 | 2 Apache, Redhat | 3 Cxf, Jboss Amq, Jboss Fuse | 2025-04-20 | N/A |
| JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | ||||
| CVE-2017-9564 | 1 Meafinancial | 1 Community Banks Cb2go | 2025-04-20 | N/A |
| The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-8940 | 1 Zipongo Inc. | 1 Healthy Recipes And Grocery Deals | 2025-04-20 | N/A |
| The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9568 | 1 Myfpcu | 1 Financial Plus Mobile Banking | 2025-04-20 | N/A |
| The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-9015 | 1 Python | 1 Urllib3 | 2025-04-20 | N/A |
| Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | ||||
| CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2025-04-20 | N/A |
| There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | ||||
| CVE-2016-8231 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | N/A |
| In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. | ||||
| CVE-2016-1519 | 1 Grandstream | 1 Wave | 2025-04-20 | N/A |
| The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate. | ||||
| CVE-2016-7816 | 1 Cybozu | 1 Kintone | 2025-04-20 | N/A |
| The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | N/A |
| GANMA! App for iOS does not verify SSL certificates. | ||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2025-04-20 | N/A |
| Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | ||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2025-04-20 | N/A |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | ||||
| CVE-2016-3083 | 1 Apache | 1 Hive | 2025-04-20 | N/A |
| Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doesn't seem to be verifying the common name attribute of the certificate. In this way, if a JDBC client sends an SSL request to server abc.com, and the server responds with a valid certificate (certified by CA) but issued to xyz.com, the client will accept that as a valid certificate and the SSL handshake will go through. | ||||
| CVE-2017-10620 | 1 Juniper | 21 Junos, Srx100, Srx110 and 18 more | 2025-04-20 | N/A |
| Juniper Networks Junos OS on SRX series devices do not verify the HTTPS server certificate before downloading anti-virus updates. This may allow a man-in-the-middle attacker to inject bogus signatures to cause service disruptions or make the device not detect certain types of attacks. Affected Junos OS releases are: 12.1X46 prior to 12.1X46-D71; 12.3X48 prior to 12.3X48-D55; 15.1X49 prior to 15.1X49-D110; | ||||
| CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2025-04-20 | N/A |
| Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | ||||
| CVE-2015-4017 | 1 Saltstack | 1 Salt | 2025-04-20 | N/A |
| Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | ||||
| CVE-2017-3212 | 1 Sccu | 1 Space Coast Credit Union | 2025-04-20 | 5.9 Medium |
| The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||