Total
1114 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5648 | 1 Acer | 1 Acer Portal | 2025-04-20 | 4.3 MEDIUM | 5.3 MEDIUM |
| Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate. | |||||
| CVE-2017-3563 | 1 Oracle | 1 Vm Virtualbox | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2014-7242 | 1 Ms-ins | 2 Sumaho, Sumaho Driving Capability Diagnosis | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates. | |||||
| CVE-2017-8213 | 1 Huawei | 2 Smc2.0, Smc2.0 Firmware | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. | |||||
| CVE-2017-9580 | 1 Meafinancial | 1 Pioneer Bank \& Trust Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9574 | 1 Meafinancial | 1 Kc Area Credit Union Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | |||||
| CVE-2017-8445 | 1 Elastic | 1 X-pack | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| An error was found in the X-Pack Security TLS trust manager for versions 5.0.0 to 5.5.1. If reloading the trust material fails the trust manager will be replaced with an instance that trusts all certificates. This could allow any node using any certificate to join a cluster. The proper behavior in this instance is for the TLS trust manager to deny all certificates. | |||||
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | |||||
| CVE-2016-10511 | 1 Twitter | 1 Twitter | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | |||||
| CVE-2017-9567 | 1 Meafinancial | 1 Avb Bank Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-3213 | 1 Think Mutual Bank | 1 Think Mutual Bank Mobile Banking App | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7815 | 1 Cybozu | 1 Remote Service Manager | 2025-04-20 | 4.9 MEDIUM | 4.2 MEDIUM |
| Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. | |||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| GANMA! App for iOS does not verify SSL certificates. | |||||
| CVE-2017-5916 | 1 America\'s First Federal Credit Union | 1 America\'s First Fcu Mobile Banking | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1210 | 1 The Hyakugo Bank | 1 105 Bank | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9578 | 1 Rivervalleycommunitybank | 1 Rvcb Mobile | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-9561 | 1 Lbtc | 1 Lee Bank \& Trust | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8941 | 1 Interval International | 1 Interval International | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8937 | 1 Life Before Us | 1 Yo. | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||