The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
X-Pack Security 5.2.x would allow access to more fields than the user should have seen if the field level security rules used a mix of grant and exclude rules when merging multiple rules with field. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "FNB Kemp Mobile Banking" by First National Bank of Kemp app 3.0.2 -- aka fnb-kemp-mobile-banking/id571448725 for iOS does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Blue Ridge Bank and Trust Co. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "CFB Mobile Banking" by Citizens First Bank Wisconsin app 3.0.1 -- aka cfb-mobile-banking/id1081102805 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app 4.0.3 -- aka first-state-bank-of-bigfork-mobile-banking/id1133969876 for iOS does not verify X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Oculina Mobile Banking" by Oculina Bank app 3.0.0 -- aka oculina-mobile-banking/id867025690 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app 3.0.1 -- aka your-legacy-federal-credit-union-mobile-banking/id919131389 for iOS does not verify X.509. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "PCB Mobile" by Phelps County Bank app 3.0.2 -- aka pcb-mobile/id436891295 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app 3.0.0 -- aka scsb-shelbyville-il-mobile-banking/id938960224 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "HBO Mobile Banking" by Heritage Bank of Ozarks app 3.0.0 -- aka hbo-mobile-banking/id860224933 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Charlevoix State Bank" by Charlevoix State Bank app 3.0.1 -- aka charlevoix-state-bank/id1128963717 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "BNB Mobile Banking" by Brady National Bank app 3.0.0 -- aka bnb-mobile-banking/id674215747 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app 3.0.0 -- aka pioneer-bank-trust-mobile-banking/id603182861 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "JMCU Mobile Banking" by Joplin Metro Credit Union app 3.0.0 -- aka jmcu-mobile-banking/id716065893 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app 3.0.0 -- aka first-citizens-bank-mobile-banking/id566037101 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The "KC Area Credit Union Mobile Banking" by K C Area Credit Union app 3.0.1 -- aka kc-area-credit-union-mobile-banking/id1097607736 for iOS does not verify X.509 certificates from SSL servers, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.