Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-5909 | 1 Electronic Funds Source Llc | 1 Efs Mobile Driver Source | 2017-05-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5911 | 1 Banco Santander Mexico Sa | 1 Supermovil | 2017-05-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5912 | 1 Forex | 1 Forextrader | 2017-05-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5913 | 1 Forex | 1 Tradeking Forex | 2017-05-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-0540 | 2017-05-16 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2012-1619 | 2017-05-16 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2012-3545 | 2017-05-16 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2013-4360 | 2017-05-16 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2017-5916 | 1 America\'s First Federal Credit Union | 1 America\'s First Fcu Mobile Banking | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-5919 | 1 21st Century Insurance | 1 21st Century Insurance | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2017-8058 | 1 Atlassian | 1 Hipchat | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call. | |||||
| CVE-2017-7229 | 1 Vaultive | 1 Office 365 Security | 2017-05-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| PGP/MIME encrypted messages injected into a Vaultive O365 (before 4.5.21) frontend via IMAP or SMTP have their Content-Type changed from 'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="abc123abc123"' to 'Content-Type: text/plain' - this results in the encrypted message being structured in such a way that most PGP/MIME-capable mail user agents are unable to decrypt it cleanly. The outcome is that encrypted mail passing through this device does not work (Denial of Service), and a common real-world consequence is a request to resend the mail in the clear (Information Disclosure). | |||||
| CVE-2017-8829 | 1 Debian | 1 Lintian | 2017-05-16 | 6.8 MEDIUM | 7.8 HIGH |
| Deserialization vulnerability in lintian through 2.5.50.3 allows attackers to trigger code execution by requesting a review of a source package with a crafted YAML file. | |||||
| CVE-2017-5907 | 1 Great Southern Bank | 1 Great Southern Mobile Banking | 2017-05-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-10369 | 1 Lxterminal Project | 1 Lxterminal | 2017-05-16 | 4.6 MEDIUM | 7.8 HIGH |
| unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). | |||||
| CVE-2017-8801 | 1 Trendmicro | 1 Officescan | 2017-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website. | |||||
| CVE-2017-6520 | 1 Bose | 1 Soundtouch 30 | 2017-05-16 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 inadvertently responds to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets. | |||||
| CVE-2015-8257 | 1 Axis | 11 Cannon Network Camera, Explosion-protected Camera, Fixed Box Camera and 8 more | 2017-05-16 | 9.0 HIGH | 8.8 HIGH |
| The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml. | |||||
| CVE-2017-8878 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2017-05-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml. | |||||
| CVE-2017-8877 | 1 Asus | 2 Rt-ac1750, Rt-ac1750 Firmware | 2017-05-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 allow JSONP Information Disclosure such as the SSID. | |||||