CVE-2024-27440

MEDIUM Year: 2024
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-295
View all →

Vulnerability Description

The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.

Related Vulnerabilities

CVE-2017-2387

MEDIUM
CVSS:4.8(Medium)

The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta...

CWE-2952017

CVE-2017-6142

MEDIUM
CVSS:4.8(Medium)

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus...

CWE-2952017

CVE-2018-0334

MEDIUM
CVSS:4.8(Medium)

A vulnerability in the certificate management subsystem of Cisco AnyConnect Network Access Manager and of Cisco AnyConnect Secure Mobility Client for iOS, Mac OS X, Android, Windows, and Linux could a...

CWE-2952018

CVE-2019-3875

MEDIUM
CVSS:4.8(Medium)

A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided i...

CWE-2952019

CVE-2020-10059

MEDIUM
CVSS:4.8(Medium)

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DT...

CWE-2952020

CVE-2020-2252

MEDIUM
CVSS:4.8(Medium)

Jenkins Mailer Plugin 1.32 and earlier does not perform hostname validation when connecting to the configured SMTP server.

CWE-2952020