Search Results (2509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-4192 1 Dell 1 Bsafe Share 2025-04-12 N/A
The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
CVE-2014-4352 1 Apple 1 Iphone Os 2025-04-12 N/A
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
CVE-2014-5953 1 Kaskus 1 Kaskus 2025-04-12 N/A
The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5956 1 Vplayer 1 Vplayer Video Player 2025-04-12 N/A
The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5982 1 Runkeeper 1 Runkeeper - Gps Track Run Walk 2025-04-12 N/A
The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6001 1 Gewara 1 Gewara 2025-04-12 N/A
The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6010 1 Awesomewidgets 1 Rasta Weed Widgets Hd 2025-04-12 N/A
The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6019 1 Psychology Project 1 Psychology 2025-04-12 N/A
The psychology (aka com.alek.psychology) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6074 1 Ibm 1 Urbancode Deploy 2025-04-12 N/A
IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.
CVE-2014-7120 1 Pocketmags 1 Model Laboratory 2025-04-12 N/A
The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7968 1 Redhat 3 Enterprise Linux, Rhev Manager, Virtual Desktop Service Manager 2025-04-12 N/A
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
CVE-2015-1355 1 Siemens 1 Simatic Step 7 2025-04-12 N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
CVE-2015-5717 1 Siemens 1 Compas 2025-04-12 N/A
The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1788 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS before 2.2 does not properly implement a cryptographic protection mechanism, which allows remote attackers to read message attachments via vectors related to duplicate messages.
CVE-2016-2306 1 Ecava 1 Integraxor 2025-04-12 N/A
The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2012-5662 1 Paul Mattes 1 X3270 2025-04-12 N/A
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-7712 1 Tiket 1 Tiket.com Hotel \& Flight 2025-04-12 N/A
The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5917 1 Grassapper 1 Slideshow 365 2025-04-12 N/A
The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4897 1 Magzter 1 Touriosity Travelmag 2025-04-12 N/A
The Touriosity Travelmag (aka com.magzter.touriositytravelmag) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4898 1 Upasanhar 1 Harivijay 2025-04-12 N/A
The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.