Search Results (1475 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7242 1 Ms-ins 2 Sumaho, Sumaho Driving Capability Diagnosis 2025-04-20 N/A
The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
CVE-2014-2845 2 Cyberduck, Microsoft 2 Cyberduck, Windows 2025-04-20 5.9 Medium
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority.
CVE-2015-0210 1 W1.fi 1 Wpa Supplicant 2025-04-20 N/A
wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack.
CVE-2015-0904 1 Shidax 1 Restaurant Karaoke 2025-04-20 N/A
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2015-2330 1 Webkitgtk 1 Webkitgtk 2025-04-20 N/A
Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.
CVE-2015-3886 1 Libinfinity Project 1 Libinfinity 2025-04-20 N/A
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
CVE-2015-4017 1 Saltstack 1 Salt 2025-04-20 N/A
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVE-2015-5619 2 Elastic, Elasticsearch 2 Logstash, Logstash 2025-04-20 N/A
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2015-5639 1 Dwango 1 Niconico 2025-04-20 N/A
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.
CVE-2015-5666 1 Ana 1 All Nippon Airways 2025-04-20 N/A
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
CVE-2016-10511 1 Twitter 1 Twitter 2025-04-20 N/A
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
CVE-2016-1132 1 Docomo 1 Shoplat 2025-04-20 N/A
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
CVE-2016-1148 1 Photosynth 1 Akerun 2025-04-20 8.1 High
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
CVE-2016-1184 1 Tokyostarbank 1 Tokyo Star Bank 2025-04-20 5.9 Medium
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
CVE-2016-1198 1 Ntt 1 Photopt 2025-04-20 N/A
Photopt for Android before 2.0.1 does not verify SSL certificates.
CVE-2016-1210 1 The Hyakugo Bank 1 105 Bank 2025-04-20 N/A
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1221 1 Jetstar 1 Jetstar 2025-04-20 N/A
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1252 2 Canonical, Debian 3 Ubuntu Linux, Advanced Package Tool, Debian Linux 2025-04-20 5.9 Medium
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
CVE-2016-1519 1 Grandstream 1 Wave 2025-04-20 N/A
The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
CVE-2016-4840 1 Toshiba 1 Coordinate Plus 2025-04-20 5.9 Medium
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.