91 matches found

OSV | added 2018/05/14 1:29 p.m. | 2 views

CVE-2018-0591

The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier, do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.9 | AI score 5.8 | Exploits 0 | References 3
Ubuntu | added 2017/12/11 6:49 p.m. | 73 views

USN-3512-1: OpenSSL vulnerabilities

David Benjamin discovered that OpenSSL did not correctly prevent buggy applications that ignore handshake errors from subsequently calling certain functions (CVE-2017-3737). It was discovered that OpenSSL incorrectly performed the x86_64 Montgomery multiplication procedure. While unlikely, a remote...

CVSS 5.9 | AI score 6.4 | EPSS 0.78675 | Exploits 1
seebug.org | added 2017/09/14 12:00 a.m. | 38 views

InsideSecure MatrixSSL x509 certificate General Names Information Disclosure Vulnerability (CVE-2017-2782)

Summary: An integer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a length counter to overflow, leading to a controlled out-of-bounds copy operation. To trigger this vulnerability, a...

CVSS 6.4 | AI score 9.3 | EPSS 0.01011 | Exploits 2
RedHat Linux | added 2017/06/28 2:51 p.m. | 4 views

CFME: default certificate used across all installs

CloudForms includes a default SSL/TLS certificate for the web server. This certificate is replaced at install time. However, if an attacker were able to man-in-the-middle an administrator while installing the new certificate, the attacker could get a copy of the uploaded private key, allowing for...

CVSS 7.5 | AI score 5.8 | EPSS 0.01058 | Exploits 0 | References 4
ATTACKERKB | added 2017/06/16 12:29 p.m. | 1 views

CVE-2017-9597

The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive...

CVSS 5.9 | AI score 5.5 | EPSS 0.00486 | Exploits 0 | References 3
CNVD | added 2017/05/16 12:00 a.m. | 3 views

Think Mutual Bank Mobile Banking app SSL Certificate Validation Vulnerability

The Think Mutual Bank mobile banking app for iOS, from Think Mutual Bank, provides quick access to manage customer accounts, manage balances, pay bills, send money, deposit checks, set up text alerts, find branch and ATM locations, and more. A security vulnerability...

CVSS 5.9 | AI score 6.5 | EPSS 0.00864 | Exploits 0 | References 1
CNVD | added 2017/05/11 12:00 a.m. | 1 views

TradeKing FOREXTrader for iPhone app for iOS Sensitive Rest Vulnerability

TradeKing FOREXTrader for iPhone is a foreign exchange trading app for iOS from the US company Karson TradeKing, providing a highly personalized trading environment. A sensitive information disclosure vulnerability exists in versions 2.9.12 to 2.9.14 of...

CVSS 5.9 | AI score 6.2 | EPSS 0.00486 | Exploits 0 | References 1
OSV | added 2017/05/05 7:29 a.m. | 2 views

CVE-2017-5902

The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.9 | AI score 5.8 | EPSS 0.00477 | Exploits 0 | References 1
BDU FSTEC | added 2016/07/07 12:00 a.m. | 2 views

A vulnerability in the PostgreSQL database management system allows an attacker to cause a service failure.

The vulnerability in the PostgreSQL database management system is related to a memory reclamation error. Exploiting it allows a remote attacker to cause a service failure by terminating the SSL session at a certain time...

CVSS 4.3 | AI score 7.7 | EPSS 0.08565 | Exploits 0 | References 11 | Affected software 1
Ubuntu | added 2016/01/28 3:33 p.m. | 73 views

USN-2883-1: OpenSSL vulnerability

Antonio Sanso discovered that OpenSSL reused the same private DH exponent for the life of a server process when configured with an X9.42-style parameter file. This could allow a remote attacker to possibly discover the server's private DH exponent when being used with non-safe primes...

CVSS 3.7 | AI score 6.5 | EPSS 0.83645 | Exploits 1
OSV | added 2015/10/27 4:59 p.m. | 1 views

DEBIAN-CVE-2015-5262

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors...

CVSS 4.3 | AI score 6.3 | EPSS 0.19312 | Exploits 0 | References 1
CNVD | added 2015/08/12 12:00 a.m. | 1 views

Fortinet FortiOS SSL-VPN Man-in-the-Middle Security Bypass Vulnerability

Fortinet FortiOS is a security operating system developed by the US company Fortinet (Fita) for its FortiGate network security platform. A security vulnerability exists in Fortinet FortiOS SSL-VPN that could be exploited by an attacker to perform an unauthorized...

AI score 6.7 | Exploits 0 | References 1
CNVD | added 2015/05/04 12:00 a.m. | 1 views

Junos Space Network Management Platform SSL Certificate Handling Cross-Site Scripting Vulnerability

Junos Space Network Management Platform is a network management platform solution. A cross-site scripting vulnerability exists in Junos Space Network Management Platform SSL certificate processing, which can be exploited by remote attackers to inject malicious script or HTML code that can be used...

AI score 6.2 | Exploits 0 | References 1
RedHat Linux | added 2015/04/16 4:02 p.m. | 4 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name (CN) field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

CVSS 5.8 | AI score 7.2 | EPSS 0.09149 | Exploits 1 | References 4
CNVD | added 2015/02/02 12:00 a.m. | 1 views

IBM Security AppScan Standard Information Disclosure Vulnerability (CNVD-2015-00885)

IBM Security AppScan Standard is a set of security testing tools for Web applications from IBM in the United States. The tool automates dynamic and static security vulnerability scanning during the application development lifecycle. An information disclosure vulnerability exists in IBM Security...

CVSS 5.8 | AI score 6 | EPSS 0.00521 | Exploits 0 | References 1
OSV | added 2015/01/10 2:59 a.m. | 2 views

DEBIAN-CVE-2015-0564

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL...

CVSS 5 | AI score 7.2 | EPSS 0.02775 | Exploits 0 | References 1
RedHat Linux | added 2014/12/02 4:48 p.m. | 1 views

mysql: unspecified vulnerability related to C API SSL CERTIFICATE HANDLING (CPU October 2014)

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING...

CVSS 4.3 | AI score 6.5 | EPSS 0.04634 | Exploits 0 | References 4
ATTACKERKB | added 2014/10/21 10:55 a.m. | 1 views

CVE-2014-7749

The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 5.5 | EPSS 0.00266 | Exploits 0 | References 4
OSV | added 2014/10/15 12:00 a.m. | 0 views

UBUNTU-CVE-2014-6478

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL...

CVSS 4.3 | AI score 6.5 | EPSS 0.02554 | Exploits 0 | References 4
Ubuntu | added 2014/10/02 4:31 p.m. | 29 views

USN-2367-1: OpenSSL update

For compatibility reasons, OpenSSL in Ubuntu 12.04 LTS disables TLSv1.2 by default when being used as a client. When forcing the use of TLSv1.2, another compatibility feature, OPENSSL_MAX_TLS1_2_CIPHER_LENGTH, was used that would truncate the cipher list. This would prevent certain ciphers from being...

AI score 5.3 | Exploits 0 | References 1