Search Results (4599 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7337 1 Estateapps 1 Acorn Estate Agents 2025-04-12 N/A
The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7338 1 Faailkhair 1 Faailkhair 2025-04-12 N/A
The faailkhair (aka com.faailkhair.app) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0296 1 Microsoft 4 Windows 7, Windows 8, Windows 8.1 and 1 more 2025-04-12 N/A
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."
CVE-2015-8945 1 Openshift 1 Origin 2025-04-12 N/A
openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive private key information by reading the systemd journal.
CVE-2014-0869 1 Ibm 2 Algo Credit Limits, Algorithmics 2025-04-12 N/A
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.
CVE-2016-7438 1 Wolfssl 1 Wolfssl 2025-04-12 N/A
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2016-7439 1 Wolfssl 1 Wolfssl 2025-04-12 N/A
The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences.
CVE-2016-1948 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream.
CVE-2016-8224 1 Lenovo 57 Bios, Notebook 110 14ibr, Notebook 110 14ibr Bios and 54 more 2025-04-12 N/A
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
CVE-2016-2268 1 Dell 1 Secureworks 2025-04-12 N/A
Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-3125 3 Fedoraproject, Opensuse, Proftpd 3 Fedora, Opensuse, Proftpd 2025-04-12 N/A
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
CVE-2013-6807 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
CVE-2014-0848 1 Ibm 1 Netezza Performance Portal 2025-04-12 N/A
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVE-2014-5817 1 Miniclip 1 Mini Pets 2025-04-12 N/A
The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5860 1 Aximediasoft 1 Slide Show Creator 2025-04-12 N/A
The Slide Show Creator (aka com.amem) application 4.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5885 1 Pdc 1 Disaster Alert 2025-04-12 N/A
The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5890 1 Sports2i 1 Kbo Sports2i 2014 2025-04-12 N/A
The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5931 1 Stopandshop 1 Stop \& Shop Scan It\! Mobile 2025-04-12 N/A
The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5953 1 Kaskus 1 Kaskus 2025-04-12 N/A
The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5956 1 Vplayer 1 Vplayer Video Player 2025-04-12 N/A
The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.