Search Results (2479 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0874 3 Apple, Google, Okb 3 Iphone Os, Android, Smart Passbook 2025-04-20 N/A
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
CVE-2015-0904 1 Shidax 1 Restaurant Karaoke 2025-04-20 N/A
The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does not verify SSL certificates, which allows remote attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2016-1252 2 Canonical, Debian 3 Ubuntu Linux, Advanced Package Tool, Debian Linux 2025-04-20 5.9 Medium
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
CVE-2015-8138 2 Ntp, Redhat 2 Ntp, Enterprise Linux 2025-04-20 N/A
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero.
CVE-2015-8140 1 Ntp 1 Ntp 2025-04-20 N/A
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2016-1221 1 Jetstar 1 Jetstar 2025-04-20 N/A
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-10511 1 Twitter 1 Twitter 2025-04-20 N/A
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
CVE-2016-1210 1 The Hyakugo Bank 1 105 Bank 2025-04-20 N/A
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1184 1 Tokyostarbank 1 Tokyo Star Bank 2025-04-20 5.9 Medium
Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
CVE-2015-5263 1 Pulpproject 1 Pulp 2025-04-20 N/A
pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.
CVE-2015-5619 2 Elastic, Elasticsearch 2 Logstash, Logstash 2025-04-20 N/A
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2015-5639 1 Dwango 1 Niconico 2025-04-20 N/A
niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks.
CVE-2017-11364 1 Joomla 1 Joomla\! 2025-04-20 N/A
The CMS installer in Joomla! before 3.7.4 does not verify a user's ownership of a webspace, which allows remote authenticated users to gain control of the target application by leveraging Certificate Transparency logs.
CVE-2015-5666 1 Ana 1 All Nippon Airways 2025-04-20 N/A
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
CVE-2015-7826 1 Botan Project 1 Botan 2025-04-20 N/A
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.
CVE-2016-2402 1 Squareup 2 Okhttp, Okhttp3 2025-04-20 5.9 Medium
OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle attackers to bypass certificate pinning by sending a certificate chain with a certificate from a non-pinned trusted CA and the pinned certificate.
CVE-2017-11501 1 Nixos Project 1 Nixos 2025-04-20 N/A
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP server with users.ldap.useTLS, peer verification will be unconditionally disabled in /etc/ldap.conf.
CVE-2017-10819 1 Intercom 1 Malion 2025-04-20 5.9 Medium
MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication.
CVE-2015-7973 5 Canonical, Freebsd, Netapp and 2 more 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more 2025-04-20 6.5 Medium
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network.
CVE-2015-3886 1 Libinfinity Project 1 Libinfinity 2025-04-20 N/A
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.