Vulnerabilities > Improper Certificate Validation

DATE CVE VULNERABILITY TITLE RISK
2017-06-16 CVE-2017-9560 Improper Certificate Validation vulnerability in Cayugalakenationalbank Cayuga Lake National Bank 4.0.1
The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
cayugalakenationalbank CWE-295
5.9
2017-06-16 CVE-2017-9559 Improper Certificate Validation vulnerability in Meafinancial Vision Bank 3.0.1
The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
meafinancial CWE-295
5.9
2017-06-16 CVE-2017-9558 Improper Certificate Validation vulnerability in Wawacu Wawa Employees Credit Union Mobile 4.0.1
The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
wawacu CWE-295
5.9
2017-06-14 CVE-2017-4981 Improper Certificate Validation vulnerability in Dell Bsafe Cert-C 2.7
EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability.
network
low complexity
dell CWE-295
7.5
2017-06-09 CVE-2016-7816 Improper Certificate Validation vulnerability in Cybozu Kintone
The Cybozu kintone mobile for Android 1.0.6 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
cybozu CWE-295
5.9
2017-06-09 CVE-2016-7805 Improper Certificate Validation vulnerability in Unisys Mobigate 2.2.1.2/2.2.4.1
The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
unisys CWE-295
5.9
2017-06-08 CVE-2016-5648 Improper Certificate Validation vulnerability in Acer Portal 3.9.3.2006
Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.
network
high complexity
acer CWE-295
5.3
2017-06-04 CVE-2016-8231 Improper Certificate Validation vulnerability in Lenovo Service Bridge
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.
network
low complexity
lenovo CWE-295
7.5
2017-05-30 CVE-2016-3083 Improper Certificate Validation vulnerability in Apache Hive
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes).
network
low complexity
apache CWE-295
7.5
2017-05-24 CVE-2017-2800 Improper Certificate Validation vulnerability in Wolfssl
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution.
network
low complexity
wolfssl CWE-295
critical
9.8