Search Results (1283 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4100 1 Puppet 1 Puppet Enterprise 2025-04-20 N/A
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
CVE-2017-8942 1 Yottamark Inc. 1 Shopwell - Healthy Diet \& Grocery Food Scanner 2025-04-20 N/A
The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8939 1 Warnerbros 1 Ellentube 2025-04-20 5.9 Medium
The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-5639 1 Dwango 1 Niconico 2025-04-20 N/A
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.
CVE-2015-7778 1 Gurunavi 1 Gournavi 2025-04-20 N/A
Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks.
CVE-2015-4680 2 Freeradius, Suse 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit 2025-04-20 N/A
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2017-8937 1 Life Before Us 1 Yo. 2025-04-20 N/A
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-5666 1 Ana 1 All Nippon Airways 2025-04-20 N/A
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
CVE-2017-10819 1 Intercom 1 Malion 2025-04-20 5.9 Medium
MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication.
CVE-2017-0248 1 Microsoft 1 .net Framework 2025-04-20 N/A
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."
CVE-2017-7932 1 Nxp 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more 2025-04-20 N/A
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
CVE-2017-2498 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
CVE-2017-5902 1 Payquicker 1 Mypayquicker 2025-04-20 5.9 Medium
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5905 1 Dollar Bank 1 Dollar Bank Mobile 2025-04-20 5.9 Medium
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5906 1 Everyday Health Inc 1 Diabetes In Check\ 2025-04-20 N/A
The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5914 1 Dotit-corp 1 Banque Zitouna 2025-04-20 5.9 Medium
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-7726 1 Ismartalarm 2 Cubeone, Cubeone Firmware 2025-04-20 7.5 High
iSmartAlarm cube devices have an SSL Certificate Validation Vulnerability.
CVE-2017-11132 1 Heinekingmedia 1 Stashcat 2025-04-20 7.5 High
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.
CVE-2017-14420 1 Dlink 2 Dir-850l, Dir-850l Firmware 2025-04-20 5.9 Medium
The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-15528 1 Norton 1 Install Norton Security 2025-04-20 3.7 Low
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.