Search Results (1283 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7815 1 Cybozu 1 Remote Service Manager 2025-04-20 N/A
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVE-2014-3451 1 Igniterealtime 1 Openfire 2025-04-20 N/A
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.
CVE-2017-2299 1 Puppet 1 Puppetlabs-apache 2025-04-20 N/A
Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 make it very easy to accidentally misconfigure TLS trust. If you specify the `ssl_ca` parameter but do not specify the `ssl_certs_dir` parameter, a default will be provided for the `ssl_certs_dir` that will trust certificates from any of the system-trusted certificate authorities. This did not affect FreeBSD.
CVE-2017-12228 1 Cisco 2 Ios, Ios Xe 2025-04-20 N/A
A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco Bug IDs: CSCvc33171.
CVE-2015-0904 1 Shidax 1 Restaurant Karaoke 2025-04-20 N/A
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2015-0874 3 Apple, Google, Okb 3 Iphone Os, Android, Smart Passbook 2025-04-20 N/A
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
CVE-2017-6988 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbitrary users by operating a crafted network that requires 802.1X authentication, because EAP-TLS certificate validation mishandles certificate changes.
CVE-2017-5919 1 21st Century Insurance 1 21st Century Insurance 2025-04-20 N/A
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5918 1 Banco De Costa Rica 1 Bcr Movil 2025-04-20 N/A
The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5915 1 Emirates Nbd Bank P.j.s.c 2 Emirates Nbd, Emirates Nbd Ksa 2025-04-20 N/A
The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through 3.10.4 (UAE) and 2.0.1 through 2.1.0 (KSA) for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5913 1 Forex 1 Tradeking Forex 2025-04-20 N/A
The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5911 1 Banco Santander Mexico Sa 1 Supermovil 2025-04-20 N/A
The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-5901 1 State Bank Of India 1 State Bank Anywhere 2025-04-20 N/A
The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1184 1 Tokyostarbank 1 Tokyo Star Bank 2025-04-20 5.9 Medium
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
CVE-2017-5887 1 Starscream Project 1 Starscream 2025-04-20 N/A
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function).
CVE-2017-3194 1 Pandora 1 Pandora 2025-04-20 N/A
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2014-2845 2 Cyberduck, Microsoft 2 Cyberduck, Windows 2025-04-20 5.9 Medium
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
CVE-2017-3190 1 Axs 1 Flash Seats 2025-04-20 N/A
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2017-2387 1 Apple 1 Apple Music 2025-04-20 N/A
The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-15528 1 Norton 1 Install Norton Security 2025-04-20 3.7 Low
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.