CVEs from 2017
- Total: 11,615
- Critical: 1,650
- High: 5,043
- Medium: 4,169
- Low: 159
- % Critical: 14.2%
- % with KEV: 0.7%
- % with exploit: 9.9%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12859 | medium | 5.9 | 5.9 | 9y ago | NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS environments, allows remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2017-1501 | medium | 5.9 | 5.9 | 9y ago | IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide weaker than expected security after using the Admin Console to update the web services security bindings settings. IBM X-Force ID: 129… | |||
| CVE-2017-8673 | medium | 5.9 | 5.9 | 9y ago | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Deskt… | |||
| CVE-2017-10135 | medium | 5.9 | 5.9 | 9y ago | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u… | |||
| CVE-2017-10819 | medium | 5.9 | 5.9 | 9y ago | MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, which may allow an attacker to eavesdrop on an encrypted communication. | |||
| CVE-2017-2278 | medium | 5.9 | 5.9 | 9y ago | The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle … | |||
| CVE-2017-12132 | medium | 5.9 | 5.9 | 9y ago | The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path… | |||
| CVE-2017-11131 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SH… | |||
| CVE-2017-1386 | medium | 5.9 | 5.9 | 9y ago | IBM API Connect 5.0.0.0 could allow a user to bypass policy restrictions and create non-compliant passwords which could be intercepted and decrypted using man in the middle techniques. IBM X-Force ID… | |||
| CVE-2017-9487 | medium | 5.9 | 5.9 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to discover … | |||
| CVE-2017-9475 | medium | 5.9 | 5.9 | 9y ago | Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address. | |||
| CVE-2017-11654 | medium | 5.9 | 5.9 | 9y ago | An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this … | |||
| CVE-2017-11501 | medium | 5.9 | 5.9 | 9y ago | NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It … | |||
| CVE-2017-8006 | medium | 5.9 | 5.9 | 9y ago | In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to att… | |||
| CVE-2017-2346 | medium | 5.9 | 5.9 | 9y ago | An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of s… | |||
| CVE-2017-11353 | medium | 5.9 | 5.9 | 9y ago | yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH a… | |||
| CVE-2017-1000007 | medium | 5.9 | 5.9 | 9y ago | txAWS (all current versions) fail to perform complete certificate verification resulting in vulnerability to MitM attacks and information disclosure. | |||
| CVE-2017-7672 | medium | 5.9 | 5.9 | 9y ago | Apache Struts Improper Input Validation vulnerability | |||
| CVE-2017-8582 | medium | 5.9 | 5.9 | 9y ago | HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 a… | |||
| CVE-2017-10600 | medium | 5.9 | 5.9 | 9y ago | ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates files in the resulting image with the uid of the invoking user. When the resulting image is booted, a local attacker with the sam… | |||
| CVE-2017-11104 | medium | 5.9 | 5.9 | 9y ago | Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if … | |||
| CVE-2017-8932 | medium | 5.9 | 5.9 | 9y ago | Incorrect computation for P-256 curves in crypto/elliptic | |||
| CVE-2017-6703 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc9034… | |||
| CVE-2017-5361 | medium | 5.9 | 5.9 | 9y ago | Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain… | |||
| CVE-2017-10789 | medium | 5.9 | 5.9 | 9y ago | The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encr… | |||
| CVE-2017-10668 | medium | 5.9 | 5.9 | 9y ago | A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker… | |||
| CVE-2017-7521 | medium | 5.9 | 5.9 | 9y ago | OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to remote denial-of-service due to memory exhaustion caused by memory leaks and double-free issue in extract_x509_extension(). | |||
| CVE-2017-1000377 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not suff… | |||
| CVE-2017-8449 | medium | 5.9 | 5.9 | 9y ago | X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field l… | |||
| CVE-2017-9601 | medium | 5.9 | 5.9 | 9y ago | The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-… | |||
| CVE-2017-9600 | medium | 5.9 | 5.9 | 9y ago | The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to… | |||
| CVE-2017-9599 | medium | 5.9 | 5.9 | 9y ago | The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allo… | |||
| CVE-2017-9598 | medium | 5.9 | 5.9 | 9y ago | The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which all… | |||
| CVE-2017-9597 | medium | 5.9 | 5.9 | 9y ago | The "Blue Ridge Bank and Trust Co. Mobile Banking" by Blue Ridge Bank and Trust Co. app 3.0.1 -- aka blue-ridge-bank-and-trust-co-mobile-banking/id699679197 for iOS does not verify X.509 certificates… | |||
| CVE-2017-9596 | medium | 5.9 | 5.9 | 9y ago | The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle … | |||
| CVE-2017-9595 | medium | 5.9 | 5.9 | 9y ago | The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates fro… | |||
| CVE-2017-9594 | medium | 5.9 | 5.9 | 9y ago | The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to sp… | |||
| CVE-2017-9593 | medium | 5.9 | 5.9 | 9y ago | The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers … | |||
| CVE-2017-9592 | medium | 5.9 | 5.9 | 9y ago | The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509 ce… | |||
| CVE-2017-9591 | medium | 5.9 | 5.9 | 9y ago | The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a… | |||
| CVE-2017-9590 | medium | 5.9 | 5.9 | 9y ago | The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, w… | |||
| CVE-2017-9589 | medium | 5.9 | 5.9 | 9y ago | The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which… | |||
| CVE-2017-9588 | medium | 5.9 | 5.9 | 9y ago | The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers … | |||
| CVE-2017-9587 | medium | 5.9 | 5.9 | 9y ago | The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve… | |||
| CVE-2017-9586 | medium | 5.9 | 5.9 | 9y ago | The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle… | |||
| CVE-2017-9585 | medium | 5.9 | 5.9 | 9y ago | The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates fr… | |||
| CVE-2017-9584 | medium | 5.9 | 5.9 | 9y ago | The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke… | |||
| CVE-2017-9583 | medium | 5.9 | 5.9 | 9y ago | The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle at… | |||
| CVE-2017-9582 | medium | 5.9 | 5.9 | 9y ago | The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t… | |||
| CVE-2017-9581 | medium | 5.9 | 5.9 | 9y ago | The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which … | |||
| CVE-2017-9580 | medium | 5.9 | 5.9 | 9y ago | The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which a… | |||
| CVE-2017-9579 | medium | 5.9 | 5.9 | 9y ago | The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle att… | |||
| CVE-2017-9578 | medium | 5.9 | 5.9 | 9y ago | The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof server… | |||
| CVE-2017-9577 | medium | 5.9 | 5.9 | 9y ago | The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which… | |||
| CVE-2017-9576 | medium | 5.9 | 5.9 | 9y ago | The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL serv… | |||
| CVE-2017-9575 | medium | 5.9 | 5.9 | 9y ago | The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-midd… | |||
| CVE-2017-9574 | medium | 5.9 | 5.9 | 9y ago | The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which… | |||
| CVE-2017-9573 | medium | 5.9 | 5.9 | 9y ago | The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and … | |||
| CVE-2017-9572 | medium | 5.9 | 5.9 | 9y ago | The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive … | |||
| CVE-2017-9571 | medium | 5.9 | 5.9 | 9y ago | The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob… | |||
| CVE-2017-9570 | medium | 5.9 | 5.9 | 9y ago | The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens… | |||
| CVE-2017-9569 | medium | 5.9 | 5.9 | 9y ago | The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive… | |||
| CVE-2017-9568 | medium | 5.9 | 5.9 | 9y ago | The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf… | |||
| CVE-2017-9567 | medium | 5.9 | 5.9 | 9y ago | The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati… | |||
| CVE-2017-9566 | medium | 5.9 | 5.9 | 9y ago | The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor… | |||
| CVE-2017-9565 | medium | 5.9 | 5.9 | 9y ago | The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensi… | |||
| CVE-2017-9564 | medium | 5.9 | 5.9 | 9y ago | The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information… | |||
| CVE-2017-9563 | medium | 5.9 | 5.9 | 9y ago | The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv… | |||
| CVE-2017-9562 | medium | 5.9 | 5.9 | 9y ago | The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers… | |||
| CVE-2017-9561 | medium | 5.9 | 5.9 | 9y ago | The Lee Bank & Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf… | |||
| CVE-2017-9560 | medium | 5.9 | 5.9 | 9y ago | The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inform… | |||
| CVE-2017-9559 | medium | 5.9 | 5.9 | 9y ago | The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informa… | |||
| CVE-2017-9558 | medium | 5.9 | 5.9 | 9y ago | The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2017-7677 | medium | 5.9 | 5.9 | 9y ago | Moderate severity vulnerability that affects org.apache.ranger:ranger | |||
| CVE-2017-8242 | medium | 5.9 | 5.9 | 9y ago | In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. | |||
| CVE-2017-6656 | medium | 5.9 | 5.9 | 9y ago | A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition d… | |||
| CVE-2017-4971 | medium | 5.9 | 5.9 | 9y ago | Insecure Default Initialization of Resource in Pivotal Spring Web Flow | |||
| CVE-2017-4970 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in Cloud Foundry Foundation cf-release v255 and Staticfile buildpack versions v1.4.0 - v1.4.3. A regression introduced in the Static file build pack causes the Staticfile.auth… | |||
| CVE-2017-9526 | medium | 5.9 | 5.9 | 9y ago | In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ec… | |||
| CVE-2017-1179 | medium | 5.9 | 5.9 | 9y ago | IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431. | |||
| CVE-2017-6512 | medium | 5.9 | 5.9 | 9y ago | Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loos… | |||
| CVE-2017-2309 | medium | 5.9 | 5.9 | 9y ago | On Juniper Networks Junos Space versions prior to 16.1R1 when certificate based authentication is enabled for the Junos Space cluster, some restricted web services are accessible over the network. Th… | |||
| CVE-2017-6988 | medium | 5.9 | 5.9 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "802.1X" component. It allows remote attackers to discover the network credentials of arbit… | |||
| CVE-2017-9045 | medium | 5.9 | 5.9 | 9y ago | The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof … | |||
| CVE-2017-8943 | medium | 5.9 | 5.9 | 9y ago | The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certi… | |||
| CVE-2017-8942 | medium | 5.9 | 5.9 | 9y ago | The YottaMark ShopWell - Healthy Diet & Grocery Food Scanner app 5.3.7 through 5.4.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof ser… | |||
| CVE-2017-8941 | medium | 5.9 | 5.9 | 9y ago | The Interval International app 3.3 through 3.5.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informatio… | |||
| CVE-2017-8940 | medium | 5.9 | 5.9 | 9y ago | The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2017-8939 | medium | 5.9 | 5.9 | 9y ago | The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat… | |||
| CVE-2017-8938 | medium | 5.9 | 5.9 | 9y ago | The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c… | |||
| CVE-2017-8937 | medium | 5.9 | 5.9 | 9y ago | The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted c… | |||
| CVE-2017-8936 | medium | 5.9 | 5.9 | 9y ago | The MoboTap Dolphin Web Browser - Fast Private Internet Search app 9.23.0 through 9.23.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2017-8935 | medium | 5.9 | 5.9 | 9y ago | The Quest Information Systems Indiana Voters app 1.1.24 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf… | |||
| CVE-2017-7485 | medium | 5.9 | 5.9 | 9y ago | In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connectio… | |||
| CVE-2017-0280 | medium | 5.9 | 5.9 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID… | |||
| CVE-2017-0276 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0275 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0274 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… | |||
| CVE-2017-0273 | medium | 5.9 | 5.9 | 9y ago | The Microsoft Server Message Block 1.0 (SMBv1) allows denial of service when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability". This CVE ID… | |||
| CVE-2017-0271 | medium | 5.9 | 5.9 | 9y ago | Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012… |