Products
3- 5 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10511 | Med | 0.38 | 5.9 | 0.01 | Sep 18, 2017 | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable… | ||
| CVE-2023-29218 | 0.00 | — | 0.01 | Apr 3, 2023 | The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and… | |||
| CVE-2019-16263 | 0.00 | — | 0.01 | Oct 7, 2019 | The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE:… | |||
| CVE-2019-5431 | 0.00 | — | 0.00 | May 6, 2019 | This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login… | |||
| CVE-2017-0911 | 0.00 | — | 0.01 | Feb 9, 2018 | Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the… | |||
| CVE-2014-6838 | 0.00 | — | 0.00 | Sep 30, 2014 | The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
- risk 0.38cvss 5.9epss 0.01
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable…
- CVE-2023-29218Apr 3, 2023risk 0.00cvss —epss 0.01
The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and…
- CVE-2019-16263Oct 7, 2019risk 0.00cvss —epss 0.01
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE:…
- CVE-2019-5431May 6, 2019risk 0.00cvss —epss 0.00
This vulnerability was caused by an incomplete fix to CVE-2017-0911. Twitter Kit for iOS versions 3.0 to 3.4.0 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login…
- CVE-2017-0911Feb 9, 2018risk 0.00cvss —epss 0.01
Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the "Login with Twitter" component allowing an attacker to provide alternate credentials. In the final step of "Login with Twitter" authentication information is passed back to the…
- CVE-2014-6838Sep 30, 2014risk 0.00cvss —epss 0.00
The Groupama toujours la (aka com.groupama.toujoursla) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.