Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-05-15 CVE-2017-8941 Improper Certificate Validation vulnerability in Interval International Interval International
The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
interval-international CWE-295
5.9
2017-05-15 CVE-2017-8940 Improper Certificate Validation vulnerability in Zipongo Inc. Healthy Recipes and Grocery Deals 6.2
The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
zipongo-inc CWE-295
5.9
2017-05-15 CVE-2017-8939 Improper Certificate Validation vulnerability in Warnerbros Ellentube 3.1.1/3.1.2/3.1.3
The Warner Bros.
network
high complexity
warnerbros CWE-295
5.9
2017-05-15 CVE-2017-8938 Improper Certificate Validation vulnerability in Radiojavan Radio Javan
The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
radiojavan CWE-295
5.9
2017-05-15 CVE-2017-8937 Improper Certificate Validation vulnerability in Life Before US YO. 2.5.8
The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
life-before-us CWE-295
5.9
2017-05-15 CVE-2017-8936 Improper Certificate Validation vulnerability in Changyou Dolphin web Browser 9.23.0/9.23.2
The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
changyou CWE-295
5.9
2017-05-15 CVE-2017-8935 Improper Certificate Validation vulnerability in Gocivix Indiana Voters 1.1.24
The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
high complexity
gocivix CWE-295
5.9
2017-05-15 CVE-2017-7495 Information Exposure vulnerability in Linux Kernel
fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file.
local
low complexity
linux CWE-200
5.5
2017-05-15 CVE-2017-7479 Reachable Assertion vulnerability in Openvpn
OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to reachable assertion when packet-ID counter rolls over resulting into Denial of Service of server by authenticated attacker.
network
low complexity
openvpn CWE-617
6.5
2017-05-15 CVE-2017-8934 Improper Input Validation vulnerability in Pcmanfm Project Pcmanfm 1.2.5
PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability).
local
low complexity
pcmanfm-project CWE-20
5.5