Search Results (363307 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7698 1 Xinhua-news 1 Xinhua International 2025-04-12 N/A
The Xinhua International (aka org.xinhua.xnews_international) application 5.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7708 1 Booksbyraven 1 Raven - The Culture Lover 2025-04-12 N/A
The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0757 1 Cisco 1 Identity Services Engine Software 2025-04-12 N/A
The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140.
CVE-2014-7712 1 Tiket 1 Tiket.com Hotel \& Flight 2025-04-12 N/A
The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0758 1 Cisco 1 Unified Meetingplace 2025-04-12 N/A
The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452.
CVE-2014-7713 1 Pocketmags 1 Skin\&ink Magazine 2025-04-12 N/A
The Skin&Ink Magazine (aka com.triactivemedia.skinandink) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-1010 1 Rockwellautomation 1 Rsview32 2025-04-12 N/A
Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack.
CVE-2014-7717 1 Userfriendlymedia 1 Mills-hazel Property Mgmt 2025-04-12 N/A
The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0660 1 Cisco 1 Telepresence Server Software 2025-04-12 N/A
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123.
CVE-2014-7721 1 Flexymind 1 President Clicker 2025-04-12 N/A
The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-1389 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
CVE-2015-1904 1 Ibm 1 Business Process Manager 2025-04-12 N/A
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
CVE-2014-8372 1 Vmware 1 Airwatch 2025-04-12 N/A
AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote authenticated users to obtain the organizational information and statistics from arbitrary tenants via vectors involving a direct object reference.
CVE-2014-8521 1 Mcafee 1 Network Data Loss Prevention 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7723 1 Cmu 1 Carnegie Mellon Silicon Valley 2025-04-12 N/A
The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7728 1 Civitasmedia 1 Logan Banner 2025-04-12 N/A
The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7742 1 Informaciondelvaticano 1 Noticias Del Vaticano 2025-04-12 N/A
The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-2110 1 Hp 1 Loadrunner 2025-04-12 N/A
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-7743 1 Humor Ironias Y Realidades Project 1 Humor Ironias Y Realidades 2025-04-12 N/A
The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7754 1 Appsworld 1 Condor S.e. 2025-04-12 N/A
The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.