Total
1266 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-4467 | 1 Apache | 1 Qpid Proton | 2025-04-20 | N/A |
| The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | ||||
| CVE-2017-9560 | 1 Cayugalakenationalbank | 1 Cayuga Lake National Bank | 2025-04-20 | N/A |
| The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-13083 | 1 Rufus Project | 1 Rufus | 2025-04-20 | N/A |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code | ||||
| CVE-2017-9580 | 1 Meafinancial | 1 Pioneer Bank \& Trust Mobile Banking | 2025-04-20 | N/A |
| The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9577 | 1 Fcbl | 1 First Citizens Bank-mobile | 2025-04-20 | N/A |
| The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9575 | 1 Meafinancial | 1 Fvb Mobile Banking | 2025-04-20 | N/A |
| The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-7932 | 1 Nxp | 60 I.mx 28, I.mx 28 Firmware, I.mx 50 and 57 more | 2025-04-20 | N/A |
| An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image. | ||||
| CVE-2017-9572 | 1 Athensstatebank | 1 Athens State Bank Mobile | 2025-04-20 | N/A |
| The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2025-04-20 | N/A |
| Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-8941 | 1 Interval International | 1 Interval International | 2025-04-20 | N/A |
| The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1198 | 1 Ntt | 1 Photopt | 2025-04-20 | N/A |
| Photopt for Android before 2.0.1 does not verify SSL certificates. | ||||
| CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2025-04-20 | N/A |
| Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | ||||
| CVE-2017-9570 | 1 Meafinancial | 1 Mount Vernon Bank \& Trust Mobile Banking | 2025-04-20 | N/A |
| The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1148 | 1 Photosynth | 1 Akerun | 2025-04-20 | 8.1 High |
| Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | ||||
| CVE-2017-9567 | 1 Meafinancial | 1 Avb Bank Mobile Banking | 2025-04-20 | N/A |
| The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2025-04-20 | N/A |
| Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | ||||
| CVE-2016-1184 | 1 Tokyostarbank | 1 Tokyo Star Bank | 2025-04-20 | 5.9 Medium |
| Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates. | ||||
| CVE-2017-9565 | 1 Meafinancial | 1 First Security Bank Sleepy Eye Mobile | 2025-04-20 | N/A |
| The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-11770 | 2 Microsoft, Redhat | 2 Aspnetcore, Rhel Dotnet | 2025-04-20 | N/A |
| .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | ||||
| CVE-2016-1252 | 2 Canonical, Debian | 3 Ubuntu Linux, Advanced Package Tool, Debian Linux | 2025-04-20 | 5.9 Medium |
| The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures. | ||||