Vulnerabilities > Improper Certificate Validation

DATE | CVE | VULNERABILITY TITLE | RISK

2017-05-15 | CVE-2017-8938 | Improper Certificate Validation vulnerability in Radiojavan Radio Javan | network, high complexity, radiojavan, CWE-295, 5.9
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2017-05-15 | CVE-2017-8937 | Improper Certificate Validation vulnerability in Life Before US YO. 2.5.8 | network, high complexity, life-before-us, CWE-295, 5.9
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2017-05-15 | CVE-2017-8936 | Improper Certificate Validation vulnerability in Changyou Dolphin web Browser 9.23.0/9.23.2 | network, high complexity, changyou, CWE-295, 5.9
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2017-05-15 | CVE-2017-8935 | Improper Certificate Validation vulnerability in Gocivix Indiana Voters 1.1.24 | network, high complexity, gocivix, CWE-295, 5.9
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2017-05-12 | CVE-2017-0248 | Improper Certificate Validation vulnerability in Microsoft .Net Framework | network, low complexity, microsoft, CWE-295, 7.5
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka ".NET Security Feature Bypass Vulnerability."

2017-05-05 | CVE-2017-8060 | Improper Certificate Validation vulnerability in Watchguard Panda Mobile Security 1.1 | network, high complexity, watchguard, CWE-295, 5.9
Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

2017-05-05 | CVE-2017-8059 | Improper Certificate Validation vulnerability in Foxitsoftware Foxit PDF 5.2.1/5.3.2 | network, high complexity, foxitsoftware, CWE-295, 8.1
Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in.

2017-05-05 | CVE-2017-8058 | Improper Certificate Validation vulnerability in Atlassian Hipchat 3.16.1 | network, high complexity, atlassian, CWE-295, 5.9
Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

2017-05-05 | CVE-2017-5919 | Improper Certificate Validation vulnerability in 21St Century Insurance 21St Century Insurance | network, high complexity, 21st-century-insurance, CWE-295, 5.9
The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2017-05-05 | CVE-2017-5918 | Improper Certificate Validation vulnerability in Banco DE Costa Rica BCR Movil 3.7 | network, high complexity, banco-de-costa-rica, CWE-295, 5.9
The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.