Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3451 | 1 Igniterealtime | 1 Openfire | 2018-10-09 | N/A |
| OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks. | ||||
| CVE-2018-0622 | 1 Dhc | 1 Dhc Online Shop | 2018-09-21 | N/A |
| The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-14709 | 1 Komoot | 1 Komoot | 2018-09-11 | N/A |
| The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-14612 | 1 Shpock | 1 Shpock | 2018-09-11 | N/A |
| "Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-12499 | 1 Motorola | 2 Mbp853, Mbp853 Firmware | 2018-09-07 | N/A |
| The Motorola MBP853 firmware does not correctly validate server certificates. This allows for a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with. In one such instance, it was identified that the device was downloading what appeared to be a client certificate. | ||||
| CVE-2018-0611 | 1 Ana | 1 Ana | 2018-08-28 | N/A |
| The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-10377 | 1 Portswigger | 1 Burp Suite | 2018-08-14 | N/A |
| PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data. | ||||
| CVE-2018-1153 | 1 Portswigger | 1 Burp Suite | 2018-08-14 | N/A |
| Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic. | ||||
| CVE-2016-9064 | 1 Mozilla | 2 Firefox, Firefox Esr | 2018-08-01 | N/A |
| Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | ||||
| CVE-2018-0591 | 1 T-joy | 1 Kinepass | 2018-06-25 | N/A |
| The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2018-4991 | 1 Adobe | 1 Creative Cloud | 2018-06-25 | N/A |
| Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier have an exploitable Improper certificate validation vulnerability. Successful exploitation could lead to a security bypass. | ||||
| CVE-2018-8119 | 1 Microsoft | 3 C Software Development Kit, Csharp Software Development Kit, Java Software Development Kit | 2018-06-18 | N/A |
| A spoofing vulnerability exists when the Azure IoT Device Provisioning AMQP Transport library improperly validates certificates over the AMQP protocol, aka "Azure IoT SDK Spoofing Vulnerability." This affects C# SDK, C SDK, Java SDK. | ||||
| CVE-2013-7201 | 1 Paypal | 1 Paypal | 2018-06-13 | N/A |
| WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. | ||||
| CVE-2017-6143 | 1 F5 | 2 Big-ip Advanced Firewall Manager, Big-ip Application Security Manager | 2018-05-21 | N/A |
| X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5. | ||||
| CVE-2018-10066 | 1 Mikrotik | 1 Routeros | 2018-05-17 | N/A |
| An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels). | ||||
| CVE-2018-9127 | 1 Botan Project | 1 Botan | 2018-05-15 | N/A |
| Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard certificates and could accept certain certificates as valid for hostnames when, under RFC 6125 rules, they should not match. This only affects certificates issued to the same domain as the host, so to impersonate a host one must already have a wildcard certificate matching other hosts in the same domain. For example, b*.example.com would match some hostnames that do not begin with a 'b' character. | ||||
| CVE-2018-0553 | 1 Glamo | 1 Iremocon Wifi | 2018-05-14 | N/A |
| The iRemoconWiFi App for Android version 4.1.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2017-13863 | 1 Apple | 1 Iphone Os | 2018-05-04 | N/A |
| An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates. | ||||
| CVE-2018-4086 | 1 Apple | 4 Apple Tv, Iphone Os, Mac Os X and 1 more | 2018-05-04 | N/A |
| An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints. | ||||
| CVE-2018-8970 | 1 Openbsd | 1 Libressl | 2018-04-24 | N/A |
| The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. | ||||