Total: 977 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-1221 | 1 Jetstar | 1 Jetstar | 2017-04-28 | N/A |
Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2016-4832 | 1 Aeon | 1 Waon | 2017-04-27 | N/A |
WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates. | ||||
CVE-2016-4818 | 1 Dmm | 3 Dmmfx Demo Trade, Dmmfx Trade, Gaitamejapan Fx Trade | 2017-04-26 | N/A |
DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates. | ||||
CVE-2016-1198 | 1 Ntt | 1 Photopt | 2017-04-26 | N/A |
Photopt for Android before 2.0.1 does not verify SSL certificates. | ||||
CVE-2016-1186 | 1 Cybozu | 1 Kintone | 2017-04-26 | N/A |
Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates. | ||||
CVE-2016-4829 | 1 Dmm | 1 Ppv Play Player | 2017-04-26 | N/A |
DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 do not verify SSL certificates. | ||||
CVE-2013-7450 | 1 Pulpproject | 1 Pulp | 2017-04-26 | N/A |
Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations. | ||||
CVE-2017-5887 | 1 Starscream Project | 1 Starscream | 2017-04-26 | N/A |
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because pinning occurs in the stream function (this is too late; pinning should occur in the initStreamsWithData function). | ||||
CVE-2017-7192 | 1 Starscream Project | 1 Starscream | 2017-04-25 | N/A |
WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false). | ||||
CVE-2013-6662 | 1 Google | 1 Chrome | 2017-04-20 | N/A |
Google Chrome caches TLS sessions before certificate validation occurs. | ||||
CVE-2016-1132 | 1 Docomo | 1 Shoplat | 2017-04-20 | N/A |
Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify SSL certificates. | ||||
CVE-2015-7826 | 1 Botan Project | 1 Botan | 2017-04-15 | N/A |
botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. | ||||
CVE-2016-9319 | 1 Trendmicro | 1 Mobile Security | 2017-04-04 | N/A |
There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398. | ||||
CVE-2016-9892 | 1 Eset | 2 Endpoint Antivirus, Endpoint Security | 2017-03-16 | N/A |
The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root. | ||||
CVE-2016-9015 | 1 Python | 1 Urllib3 | 2017-01-13 | N/A |
Versions 1.17 and 1.18 of the Python urllib3 library suffer from a vulnerability that can cause them, in certain configurations, to not correctly validate TLS certificates. This places users of the library with those configurations at risk of man-in-the-middle and information leakage attacks. This vulnerability affects users using versions 1.17 and 1.18 of the urllib3 library, who are using the optional PyOpenSSL support for TLS instead of the regular standard library TLS backend, and who are using OpenSSL 1.1.0 via PyOpenSSL. This is an extremely uncommon configuration, so the security impact of this vulnerability is low. | ||||
CVE-2012-0867 | 4 Debian, Opensuse Project, Postgresql and 1 more | 11 Debian Linux, Opensuse, Postgresql and 8 more | 2016-12-07 | N/A |
PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | ||||
CVE-2012-4948 | 1 Fortinet | 29 Fortigate-1000c, Fortigate-100d, Fortigate-110c and 26 more | 2016-12-07 | N/A |
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Fortinet_CA_SSLProxy certificate in a list of trusted root certification authorities. |