Total
977 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2318 | 2 Debian, Mono-project | 2 Debian Linux, Mono | 2018-01-30 | N/A |
| The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue. | ||||
| CVE-2017-17718 | 1 Net-ldap Project | 1 Net-ldap | 2018-01-05 | N/A |
| The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. | ||||
| CVE-2014-3250 | 3 Apache, Puppet, Redhat | 3 Http Server, Puppet, Linux | 2017-12-27 | N/A |
| The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4. | ||||
| CVE-2017-8213 | 1 Huawei | 2 Smc2.0, Smc2.0 Firmware | 2017-12-08 | N/A |
| Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, V100R005C00SPC101B001T, V100R005C00SPC102, V100R005C00SPC103, V100R005C00SPC200, V100R005C00SPC201T, V500R002C00, V600R006C00 has an input validation vulnerability when handle TLS and DTLS handshake with certificate. Due to the insufficient validation of received PKI certificates, remote attackers could exploit this vulnerability to crash the TLS module. | ||||
| CVE-2017-9758 | 1 Savitech-ic | 1 Savitech Driver | 2017-11-30 | N/A |
| Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion." | ||||
| CVE-2017-6144 | 1 F5 | 1 Big-ip Policy Enforcement Manager | 2017-11-15 | N/A |
| In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected. | ||||
| CVE-2016-7171 | 1 Netapp | 1 Netapp Plug-in | 2017-11-15 | N/A |
| NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation. | ||||
| CVE-2014-7242 | 1 Ms-ins | 2 Sumaho, Sumaho Driving Capability Diagnosis | 2017-11-08 | N/A |
| The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates. | ||||
| CVE-2014-3706 | 1 Redhat | 1 Enterprise Mrg | 2017-11-07 | N/A |
| ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. | ||||
| CVE-2015-5639 | 1 Dwango | 1 Niconico | 2017-11-05 | N/A |
| niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | ||||
| CVE-2015-2988 | 1 Rakutencard | 1 Rakuten Card | 2017-11-03 | N/A |
| Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | ||||
| CVE-2015-6358 | 1 Cisco | 48 Pvc2300, Pvc2300 Firmware, Rtp300 and 45 more | 2017-11-03 | N/A |
| Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913. | ||||
| CVE-2015-7778 | 1 Gurunavi | 1 Gournavi | 2017-10-26 | N/A |
| Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. | ||||
| CVE-2017-14582 | 1 Zohocorp | 1 Site24x7 Mobile Network Poller | 2017-10-10 | N/A |
| The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate. | ||||
| CVE-2015-0874 | 3 Apple, Google, Okb | 3 Iphone Os, Android, Smart Passbook | 2017-10-10 | N/A |
| Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. | ||||
| CVE-2015-7785 | 1 Comicsmart | 1 Ganma\! | 2017-10-06 | N/A |
| GANMA! App for iOS does not verify SSL certificates. | ||||
| CVE-2015-5666 | 1 Ana | 1 All Nippon Airways | 2017-10-06 | N/A |
| ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. | ||||
| CVE-2015-5263 | 1 Pulpproject | 1 Pulp | 2017-10-05 | N/A |
| pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | ||||
| CVE-2015-3420 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2017-10-05 | N/A |
| The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | ||||
| CVE-2016-10511 | 1 Twitter | 1 Twitter | 2017-10-04 | N/A |
| The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable unreleased Twitter iOS app features. | ||||