Search Results (363449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6840 1 Weddingselections 1 My Wedding Planner 2025-04-12 N/A
The My Wedding Planner (aka app.wedding) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6846 1 Intelitycorp 1 Four Seasons Beverly Hills 2025-04-12 N/A
The Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application @7F050007 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0112 2 Apache, Redhat 2 Struts, Jboss Fuse 2025-04-12 N/A
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094.
CVE-2014-6848 1 Synology 1 Ds File 2025-04-12 N/A
The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6855 1 Imop 1 Long 2025-04-12 N/A
The Long (aka com.imop.longjiang.android) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0543 1 Emc 1 Secure Remote Services 2025-04-12 N/A
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6857 1 Arabia2000 1 Car Wallpapers Hd 2025-04-12 N/A
The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2142 1 Cisco 3 Cisco Ons 15454 System Software, Ons 15454, Ons 15454 System Software 2025-04-12 N/A
Cisco ONS 15454 controller cards with software 10.0 and earlier allow remote attackers to cause a denial of service (card reload) via a crafted HTTP URI, aka Bug ID CSCun06870.
CVE-2014-2559 1 Twitget Project 1 Twitget 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in twitget.php in the Twitget plugin before 3.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change unspecified plugin options via a request to wp-admin/options-general.php.
CVE-2014-6861 1 Terrarienbilder 1 Terrarienbilder.com Forum 2025-04-12 N/A
The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6864 1 Socialknowledge 1 Forest River Forums 2025-04-12 N/A
The Forest River Forums (aka com.socialknowledge.forestriverforums) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0545 1 Emc 1 Unisphere 2025-04-12 N/A
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-3007 2 Python, Pythonware 2 Pillow, Python Imaging Library 2025-04-12 N/A
Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.
CVE-2014-6868 1 Synology 1 Ds Audio 2025-04-12 N/A
The DS audio (aka com.synology.DSaudio) application 3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6871 1 Hogs Fly Crazy Project 1 Hogs Fly Crazy 2025-04-12 N/A
The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0546 1 Emc 1 Unified Infrastructure Manager\/provisioning 2025-04-12 N/A
EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.
CVE-2014-6877 1 Santanderbank 1 Santander Personal Banking 2025-04-12 N/A
The Santander Personal Banking (aka com.sovereign.santander) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6878 1 Rbfcu 1 Rbfcu Mobile 2025-04-12 N/A
The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6879 1 Equifax 1 Equifax Mobile 2025-04-12 N/A
The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6880 1 Tradehero 1 Tradehero 2025-04-12 N/A
The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.