Search Results (1470 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9596 1 Meafinancial 1 Cfb Mobile Banking 2025-04-20 N/A
The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8060 1 Watchguard 1 Panda Mobile Security 2025-04-20 5.9 Medium
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2015-4017 1 Saltstack 1 Salt 2025-04-20 N/A
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVE-2017-8058 1 Atlassian 1 Hipchat 2025-04-20 N/A
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
CVE-2017-7080 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Security" component. It allows remote attackers to bypass intended certificate-trust restrictions via a revoked X.509 certificate.
CVE-2015-3886 1 Libinfinity Project 1 Libinfinity 2025-04-20 N/A
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
CVE-2017-9561 1 Lbtc 1 Lee Bank \& Trust 2025-04-20 N/A
The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9601 1 Fnbkemp 1 Fnb Kemp Mobile Banking 2025-04-20 N/A
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7450 1 Pulpproject 1 Pulp 2025-04-20 N/A
Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.
CVE-2015-7785 1 Comicsmart 1 Ganma\! 2025-04-20 N/A
GANMA! App for iOS does not verify SSL certificates.
CVE-2017-9567 1 Meafinancial 1 Avb Bank Mobile Banking 2025-04-20 N/A
The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9568 1 Myfpcu 1 Financial Plus Mobile Banking 2025-04-20 N/A
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-7192 1 Starscream Project 1 Starscream 2025-04-20 N/A
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).
CVE-2017-9569 1 Citizensbanktx 1 Cbtx On The Go 2025-04-20 N/A
The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9571 1 Ccbank 1 Ccb Mobile Banking 2025-04-20 N/A
The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9575 1 Meafinancial 1 Fvb Mobile Banking 2025-04-20 N/A
The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9577 1 Fcbl 1 First Citizens Bank-mobile 2025-04-20 N/A
The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9579 1 Meafinancial 1 Jmcu Mobile Banking 2025-04-20 N/A
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-4467 1 Apache 1 Qpid Proton 2025-04-20 N/A
The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVE-2017-3218 1 Samsung 1 Magician 2025-04-20 N/A
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.