Search Results (4595 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7446 1 Bilingual Magic Ball Project 1 Bilingual Magic Ball 2025-04-12 N/A
The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-4637 1 F5 4 Big-iq Adc, Big-iq Cloud, Big-iq Device and 1 more 2025-04-12 N/A
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.
CVE-2015-2078 1 Komodia 1 Redirector Sdk 2025-04-12 N/A
The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077.
CVE-2015-2091 1 Apache 1 Mod-gnutls 2025-04-12 N/A
The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate.
CVE-2015-2471 1 Microsoft 1 Xml Core Services 2025-04-12 N/A
Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434.
CVE-2015-2476 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 N/A
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "WebDAV Client Information Disclosure Vulnerability."
CVE-2016-3707 3 Linux, Novell, Redhat 6 Linux Kernel-rt, Suse Linux Enterprise Real Time Extension, Enterprise Linux For Real Time and 3 more 2025-04-12 N/A
The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file.
CVE-2016-9847 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVE-2014-7053 1 Citystar 1 City Star Me 2025-04-12 N/A
The City Star ME (aka com.citystarme) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7054 1 Nobexrc 1 Musica De Barrios Sonideros 2025-04-12 N/A
The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7117 1 Forestarea 1 Forest Area Fcu Mobile 2025-04-12 N/A
The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7118 1 Itography 1 Itography Item Hunt 2025-04-12 N/A
The Itography Item Hunt (aka com.itography.application) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7121 1 Magzter 1 Dhanam 2025-04-12 N/A
The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7128 1 Toyotaownersclub 1 Toyota Oc 2025-04-12 N/A
The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application 3.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7131 1 Core-apps 1 Digital Content Newfronts 2014 2025-04-12 N/A
The Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7135 1 Ayuntamientodecoana 1 Ayuntamiento De Coana 2025-04-12 N/A
The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7307 1 Forosocuellamos 1 Forosocuellamos 2025-04-12 N/A
The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-2902 1 Hp 1 Arcsight Smartconnectors 2025-04-12 N/A
HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted certificate.
CVE-2015-5537 1 Siemens 2 Ruggedcom Rox Ii Firmware, Ruggedcom Rugged Operating System 2025-04-12 N/A
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.
CVE-2015-6112 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 N/A
SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability."