Search Results (1474 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1184 1 Tokyostarbank 1 Tokyo Star Bank 2025-04-20 5.9 Medium
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
CVE-2016-1148 1 Photosynth 1 Akerun 2025-04-20 8.1 High
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
CVE-2016-1132 1 Docomo 1 Shoplat 2025-04-20 N/A
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
CVE-2016-1186 1 Cybozu 1 Kintone 2025-04-20 N/A
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
CVE-2015-5263 1 Pulpproject 1 Pulp 2025-04-20 N/A
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
CVE-2015-4680 2 Freeradius, Suse 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit 2025-04-20 N/A
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2015-3420 2 Dovecot, Fedoraproject 2 Dovecot, Fedora 2025-04-20 N/A
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
CVE-2015-2988 1 Rakutencard 1 Rakuten Card 2025-04-20 N/A
Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks.
CVE-2015-2943 1 Honda 1 Moto Linc 2025-04-20 N/A
Honda Moto LINC 1.6.1 does not verify SSL certificates.
CVE-2015-2330 1 Webkitgtk 1 Webkitgtk 2025-04-20 N/A
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
CVE-2014-3706 1 Redhat 1 Enterprise Mrg 2025-04-20 N/A
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
CVE-2014-3250 3 Apache, Puppet, Redhat 3 Http Server, Puppet, Linux 2025-04-20 N/A
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.
CVE-2017-11364 1 Joomla 1 Joomla\! 2025-04-20 N/A
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVE-2017-9601 1 Fnbkemp 1 Fnb Kemp Mobile Banking 2025-04-20 N/A
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9600 1 Meafinancial 1 Peoples Bank Tulsa 2025-04-20 N/A
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9599 1 Fountaintrust 1 Fountain Trust Mobile Banking 2025-04-20 N/A
The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9598 1 Meafinancial 1 Morton Credit Union Mobile Banking 2025-04-20 N/A
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9597 1 Meafinancial 1 Blue Ridge Bank And Trust Co. Mobile Banking 2025-04-20 N/A
The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9596 1 Meafinancial 1 Cfb Mobile Banking 2025-04-20 N/A
The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9595 1 Fsbbigfork 1 First State Bank Of Bigfork Mobile Banking 2025-04-20 N/A
The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.