| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. |
| The Kmart (aka com.kmart.android) application @7F0C00EF for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. |
| The Health Advocate SmartHelp (aka com.healthadvocate.ui) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Strike Fighters Israel (aka com.thirdwire.strikefighters.mideast.android) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Bieber News Now (aka com.jbnews) application 12.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Thailand Investor News (aka nudecreative.thaistock.set) application 1.39s for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Biplane Forum (aka com.gcspublishing.biplaneforum) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| IBM BigFix Remote Control before 9.1.3 does not properly set the default encryption strength, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and performing calculations on encrypted data. |
| ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. |
| WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. |
