Search Results (1283 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-7192 1 Starscream Project 1 Starscream 2025-04-20 N/A
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
CVE-2014-7242 1 Ms-ins 2 Sumaho, Sumaho Driving Capability Diagnosis 2025-04-20 N/A
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
CVE-2017-5914 1 Dotit-corp 1 Banque Zitouna 2025-04-20 5.9 Medium
The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-3886 1 Libinfinity Project 1 Libinfinity 2025-04-20 N/A
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
CVE-2017-5906 1 Everyday Health Inc 1 Diabetes In Check\ 2025-04-20 N/A
The Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app 3.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-11770 2 Microsoft, Redhat 2 Aspnetcore, Rhel Dotnet 2025-04-20 N/A
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability".
CVE-2017-5905 1 Dollar Bank 1 Dollar Bank Mobile 2025-04-20 5.9 Medium
The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5902 1 Payquicker 1 Mypayquicker 2025-04-20 5.9 Medium
The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-11506 1 Tenable 1 Nessus 2025-04-20 N/A
When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.
CVE-2017-8937 1 Life Before Us 1 Yo. 2025-04-20 N/A
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-4840 1 Toshiba 1 Coordinate Plus 2025-04-20 5.9 Medium
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
CVE-2017-7932 1 Nxp 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more 2025-04-20 N/A
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
CVE-2017-2800 1 Wolfssl 1 Wolfssl 2025-04-20 9.8 Critical
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
CVE-2017-2784 1 Arm 1 Mbed Tls 2025-04-20 N/A
An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications.
CVE-2016-1186 1 Cybozu 1 Kintone 2025-04-20 N/A
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
CVE-2013-6662 1 Google 1 Chrome 2025-04-20 N/A
Google Chrome caches TLS sessions before certificate validation occurs.
CVE-2016-2402 1 Squareup 2 Okhttp, Okhttp3 2025-04-20 5.9 Medium
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
CVE-2015-2988 1 Rakutencard 1 Rakuten Card 2025-04-20 N/A
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks.
CVE-2017-9559 1 Meafinancial 1 Vision Bank 2025-04-20 N/A
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9560 1 Cayugalakenationalbank 1 Cayuga Lake National Bank 2025-04-20 N/A
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.