Search Results (1283 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7726 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2025-04-20 7.5 High
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
CVE-2015-0874 3 Apple, Google, Okb 3 Iphone Os, Android, Smart Passbook 2025-04-20 N/A
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
CVE-2015-0904 1 Shidax 1 Restaurant Karaoke 2025-04-20 N/A
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2017-9568 1 Myfpcu 1 Financial Plus Mobile Banking 2025-04-20 N/A
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1221 1 Jetstar 1 Jetstar 2025-04-20 N/A
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-7932 1 Nxp 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more 2025-04-20 N/A
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
CVE-2013-7450 1 Pulpproject 1 Pulp 2025-04-20 N/A
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
CVE-2017-14419 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 5.9 Medium
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service for HTTPS is also established.
CVE-2016-7815 1 Cybozu 1 Remote Service Manager 2025-04-20 N/A
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVE-2017-17718 2 Net-ldap Project, Redhat 3 Net-ldap, Satellite, Satellite Capsule 2025-04-20 N/A
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
CVE-2015-2988 1 Rakutencard 1 Rakuten Card 2025-04-20 N/A
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks.
CVE-2017-6594 2 Heimdal Project, Opensuse 2 Heimdal, Leap 2025-04-20 7.5 High
The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.
CVE-2017-0129 1 Microsoft 1 Lync For Mac 2025-04-20 N/A
Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."
CVE-2015-4017 1 Saltstack 1 Salt 2025-04-20 N/A
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVE-2016-2402 1 Squareup 2 Okhttp, Okhttp3 2025-04-20 5.9 Medium
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
CVE-2017-1000007 1 Twistedmatrix 1 Txaws 2025-04-20 N/A
txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.
CVE-2017-1000209 1 Nv-websocket-client Project 1 Nv-websocket-client 2025-04-20 N/A
The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.
CVE-2014-3250 3 Apache, Puppet, Redhat 3 Http Server, Puppet, Linux 2025-04-20 N/A
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
CVE-2017-3213 1 Think Mutual Bank 1 Think Mutual Bank Mobile Banking App 2025-04-20 N/A
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8213 1 Huawei 2 Smc2.0, Smc2.0 Firmware 2025-04-20 N/A
Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module.