Lucene search
K

265 matches found

BDU FSTEC
BDU FSTEC
added 2019/01/30 12:0 a.m.3 views

The vulnerability of the Apache ActiveMQ messaging broker, related to the lack of TLS hostname verification, allows attackers to gain unauthorized access to protected data.

The vulnerability of the Apache ActiveMQ messaging broker is related to the absence of hostname verification for TLS. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected data...

7.4CVSS7.2AI score0.0699EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2017/11/22 7:29 p.m.4 views

CVE-2017-8177

Huawei APP HiWallet earlier than 5.0.3.100 versions do not support signature verification for APK file. An attacker could exploit this vulnerability to hijack the APK and upload modified APK file. Successful exploit could lead to the APP is hijacking...

5.3CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2017/11/16 5:29 p.m.3 views

UBUNTU-CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1CVSS5.8AI score0.01398EPSS
Exploits0References5
OSV
OSV
added 2017/09/30 1:29 a.m.5 views

CVE-2017-14582

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate...

5.9CVSS5.8AI score0.02356EPSS
Exploits0References2
CNVD
CNVD
added 2017/07/26 12:0 a.m.1 views

CompuLab Intense PC Input Validation Vulnerability

The CompuLab Intense PC is a miniature PC device from CompuLab Israel. A security vulnerability exists in CompuLab Intense PCs using firmware version cr2.2.0.400.2, which stems from a failure of the Phoenix SecureCore UEFI firmware to perform capsule signature verification. An attacker can exploi...

7.2CVSS6.7AI score0.00826EPSS
Exploits0References1
OSV
OSV
added 2017/06/16 12:29 p.m.4 views

CVE-2017-9588

The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9CVSS5.8AI score0.00486EPSS
Exploits0References1
OSV
OSV
added 2017/06/16 12:29 p.m.3 views

CVE-2017-9559

The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9CVSS5.8AI score0.00486EPSS
Exploits0References1
OSV
OSV
added 2017/06/16 12:29 p.m.3 views

CVE-2017-9564

The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9CVSS5.8AI score0.00486EPSS
Exploits0References1
OSV
OSV
added 2017/06/16 12:29 p.m.4 views

CVE-2017-9573

The North Adams State Bank Ursa nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9CVSS5.8AI score
Exploits0References1
OSV
OSV
added 2017/05/15 6:29 p.m.2 views

CVE-2017-8942

The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2017/03/06 12:0 a.m.5 views

PT-2017-17116 · Bittorrent +1 · Qbittorrent +1

Name of the Vulnerable Software and Affected Versions: qBittorrent versions prior to 3.3.11 qBittorrent versions prior to the version released in October 2024 Description: The issue concerns a lack of proper escaping of values in the WebUI, potentially leading to XSS attacks. Additionally, there...

6.1CVSS6.5AI score0.00857EPSS
Exploits0References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/05/30 5:21 a.m.4 views

DMM.com Securities FX Apps for Android fail to verify SSL server certificates

Overview Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Gaku Taniguchi of RiskFinder,inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

5.9CVSS6.5AI score0.00928EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.3 views

CVE-2014-7744

The Musulmanin.com aka com.wSalyafiyailimurdjiya application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.2 views

CVE-2014-7760

The Health assistance service aka net.nttcloud.ft.karada application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.1 views

CVE-2014-7741

The Healing Bookstore aka com.wHealingBookstore application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.3 views

CVE-2014-7726

The Golosinas Simpson1 aka com.wGolosinasSimpson1 application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.2 views

CVE-2014-7767

The A+ aka cn.xrzcm application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00292EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.2 views

CVE-2014-7739

The Anahi A Adopter FR aka com.wAnahiAAdopterFR application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.4 views

CVE-2014-7745

The Flight Manager aka com.flightmanager.view application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2014/10/21 10:55 a.m.3 views

CVE-2014-7698

The Xinhua International aka org.xinhua.xnewsinternational application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00266EPSS
Exploits0References4
Rows per page
Query Builder