CWE:
 

Topic
Date
Author
Med.
Magento 1.9.x Multiple Man-In The Middle
20.01.2016
Maksymilian Arciemowic...
Med.
phpMyAdmin 4.4.6 Man-In-the-Middle to API Github
14.05.2015
Maksymilian Arciemowic...
Low
PicsArt Photo Studio For Android Insecure Management
07.11.2014
Fundacion Dr. Manuel S...


CVEMAP Search Results

CVE
Details
Description
2018-07-27
Medium
CVE-2017-2649

Vendor: Jenkins
Software: Active directory
 

 
It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks.

 
Medium
CVE-2017-2648

Updating...
 

 
It was found that jenkins-ssh-slaves-plugin before version 1.15 did not perform host key verification, thereby enabling Man-in-the-Middle attacks.

 
2018-07-26
Medium
CVE-2018-0622

Vendor: DHC
Software: Dhc online shop
 

 
The DHC Online Shop App for Android version 3.2.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
2018-07-16
Medium
CVE-2017-7468

Vendor: HAXX
Software: Libcurl
 

 
In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn't be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.

 
2018-07-13
Low
CVE-2016-6562

Vendor: Mitel
Software: Shortel mobi...
 

 
On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

 
2018-07-12
Low
CVE-2017-14710

Vendor: Shein
Software: Shein
 

 
The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
Low
CVE-2017-14612

Updating...
 

 
"Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
Medium
CVE-2017-14709

Vendor: Komoot
Software: Komoot
 

 
The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

 
2018-07-10
Low
CVE-2018-8356

Vendor: Microsoft
Software: .net core
 

 
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.

 
Medium
CVE-2018-12461

Vendor: Netiq
Software: Edirectory
 

 
Fixed issues with NetIQ eDirectory prior to 9.1.1 when checking certificate revocation.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top