Search Results (2480 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5653 2 Apache, Redhat 3 Cxf, Jboss Amq, Jboss Fuse 2025-04-20 N/A
JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers.
CVE-2016-5016 1 Pivotal Software 4 Cloud Foundry, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa and 1 more 2025-04-20 N/A
Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.
CVE-2017-9577 1 Fcbl 1 First Citizens Bank-mobile 2025-04-20 N/A
The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9579 1 Meafinancial 1 Jmcu Mobile Banking 2025-04-20 N/A
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0874 3 Apple, Google, Okb 3 Iphone Os, Android, Smart Passbook 2025-04-20 N/A
Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.
CVE-2017-9584 1 Heritagebankozarks 1 Hbo Mobile Banking 2025-04-20 N/A
The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-9589 1 Meafinancial 1 Scsb Shelbyville Il Mobile Banking 2025-04-20 N/A
The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8943 1 Puma 1 Pumatrac 2025-04-20 5.9 Medium
The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-7816 1 Cybozu 1 Kintone 2025-04-20 N/A
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-7815 1 Cybozu 1 Remote Service Manager 2025-04-20 N/A
Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network.
CVE-2017-9590 1 Sbw 1 State Bank Of Waterloo Mobile Banking 2025-04-20 N/A
The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-8941 1 Interval International 1 Interval International 2025-04-20 N/A
The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3706 1 Redhat 1 Enterprise Mrg 2025-04-20 N/A
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
CVE-2017-9592 1 Meafinancial 1 Your Legacy Federal Credit Union Mobile Banking 2025-04-20 N/A
The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-10511 1 Twitter 1 Twitter 2025-04-20 N/A
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features.
CVE-2015-5666 1 Ana 1 All Nippon Airways 2025-04-20 N/A
ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates.
CVE-2015-4100 1 Puppet 1 Puppet Enterprise 2025-04-20 N/A
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
CVE-2017-3190 1 Axs 1 Flash Seats 2025-04-20 N/A
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2016-4840 1 Toshiba 1 Coordinate Plus 2025-04-20 5.9 Medium
Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
CVE-2017-8940 1 Zipongo Inc. 1 Healthy Recipes And Grocery Deals 2025-04-20 N/A
The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.