Total
1369 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2402 | 1 Squareup | 2 Okhttp, Okhttp3 | 2025-04-20 | 5.9 Medium |
| OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate. | ||||
| CVE-2015-0210 | 1 W1.fi | 1 Wpa Supplicant | 2025-04-20 | N/A |
| wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. | ||||
| CVE-2017-5907 | 1 Great Southern Bank | 1 Great Southern Mobile Banking | 2025-04-20 | N/A |
| The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9588 | 1 Meafinancial | 1 Oritani Mobile Banking | 2025-04-20 | N/A |
| The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-8445 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | ||||
| CVE-2016-7805 | 1 Unisys | 1 Mobigate | 2025-04-20 | N/A |
| The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2025-04-20 | N/A |
| Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | ||||
| CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2025-04-20 | N/A |
| The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | ||||
| CVE-2014-2845 | 2 Cyberduck, Microsoft | 2 Cyberduck, Windows | 2025-04-20 | 5.9 Medium |
| Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. | ||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | N/A |
| GANMA! App for iOS does not verify SSL certificates. | ||||
| CVE-2017-9758 | 1 Savitech-ic | 1 Savitech Driver | 2025-04-20 | N/A |
| Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | ||||
| CVE-2017-9600 | 1 Meafinancial | 1 Peoples Bank Tulsa | 2025-04-20 | N/A |
| The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9598 | 1 Meafinancial | 1 Morton Credit Union Mobile Banking | 2025-04-20 | N/A |
| The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9591 | 1 Mypcb | 1 Pcb Mobile | 2025-04-20 | 5.9 Medium |
| The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9590 | 1 Sbw | 1 State Bank Of Waterloo Mobile Banking | 2025-04-20 | N/A |
| The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9587 | 1 Meafinancial | 1 Pcsb Bank Mobile | 2025-04-20 | N/A |
| The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9586 | 1 Meafinancial | 1 Fsby Mobile Banking | 2025-04-20 | N/A |
| The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9585 | 1 Csb-lamar | 1 Community State Bank-lamar | 2025-04-20 | 5.9 Medium |
| The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9583 | 1 Meafinancial | 1 Charlevoix State Bank | 2025-04-20 | N/A |
| The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-9579 | 1 Meafinancial | 1 Jmcu Mobile Banking | 2025-04-20 | N/A |
| The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||