Search Results (1474 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8942 1 Yottamark Inc. 1 Shopwell - Healthy Diet \& Grocery Food Scanner 2025-04-20 N/A
The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2017-2498 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Security" component. It allows attackers to bypass intended access restrictions via an untrusted certificate.
CVE-2015-2943 1 Honda 1 Moto Linc 2025-04-20 N/A
Honda Moto LINC 1.6.1 does not verify SSL certificates.
CVE-2015-4017 1 Saltstack 1 Salt 2025-04-20 N/A
Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules.
CVE-2015-4100 1 Puppet 1 Puppet Enterprise 2025-04-20 N/A
Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Authority Reverse Proxy Vulnerability."
CVE-2015-4680 2 Freeradius, Suse 3 Freeradius, Linux Enterprise Server, Linux Enterprise Software Development Kit 2025-04-20 N/A
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
CVE-2016-1132 1 Docomo 1 Shoplat 2025-04-20 N/A
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates.
CVE-2016-1148 1 Photosynth 1 Akerun 2025-04-20 8.1 High
Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.
CVE-2016-1198 1 Ntt 1 Photopt 2025-04-20 N/A
Photopt for Android before 2.0.1 does not verify SSL certificates.
CVE-2016-1210 1 The Hyakugo Bank 1 105 Bank 2025-04-20 N/A
The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1221 1 Jetstar 1 Jetstar 2025-04-20 N/A
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-8231 1 Lenovo 1 Lenovo Service Bridge 2025-04-20 N/A
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
CVE-2017-1000007 1 Twistedmatrix 1 Txaws 2025-04-20 N/A
txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure.
CVE-2017-1000097 1 Golang 1 Go 2025-04-20 7.5 High
On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
CVE-2017-15528 1 Norton 1 Install Norton Security 2025-04-20 3.7 Low
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target.
CVE-2017-17716 1 Gitlab 1 Gitlab 2025-04-20 N/A
GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the gitlab_omniauth-ldap gem.
CVE-2017-17718 2 Net-ldap Project, Redhat 3 Net-ldap, Satellite, Satellite Capsule 2025-04-20 N/A
The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation.
CVE-2017-3190 1 Axs 1 Flash Seats 2025-04-20 N/A
Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2017-3194 1 Pandora 1 Pandora 2025-04-20 N/A
Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.
CVE-2017-3213 1 Think Mutual Bank 1 Think Mutual Bank Mobile Banking App 2025-04-20 N/A
The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.