Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-05-15 | CVE-2017-8941 | Improper Certificate Validation vulnerability in Interval International Interval International The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8940 | Improper Certificate Validation vulnerability in Zipongo Inc. Healthy Recipes and Grocery Deals 6.2 The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8939 | Improper Certificate Validation vulnerability in Warnerbros Ellentube 3.1.1/3.1.2/3.1.3 The Warner Bros. | 5.9 |
2017-05-15 | CVE-2017-8938 | Improper Certificate Validation vulnerability in Radiojavan Radio Javan The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8937 | Improper Certificate Validation vulnerability in Life Before US YO. 2.5.8 The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8936 | Improper Certificate Validation vulnerability in Changyou Dolphin web Browser 9.23.0/9.23.2 The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-8935 | Improper Certificate Validation vulnerability in Gocivix Indiana Voters 1.1.24 The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.9 |
2017-05-15 | CVE-2017-7495 | Information Exposure vulnerability in Linux Kernel fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file. | 5.5 |
2017-05-15 | CVE-2017-7479 | Reachable Assertion vulnerability in Openvpn OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker. | 6.5 |
2017-05-15 | CVE-2017-8934 | Improper Input Validation vulnerability in Pcmanfm Project Pcmanfm 1.2.5 PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). | 5.5 |