Total
2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-5540 | 1 Flickatrade | 1 Flick A Trade | 2024-08-06 | N/A |
The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5564 | 1 Aceviral | 1 Angry Gran Toss | 2024-08-06 | N/A |
The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5565 | 1 Gadgettrak | 1 Gadgettrak Mobile Security | 2024-08-06 | N/A |
The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5528 | 1 Appsflyer | 1 Appsflyer | 2024-08-06 | N/A |
The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5551 | 1 Ilearnwith | 1 Alphabet \& Spelling Kids Games | 2024-08-06 | N/A |
The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5561 | 1 Devarai | 1 Word Search Free | 2024-08-06 | N/A |
The Word Search Free (aka air.wordSearchFree) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5537 | 1 Chewysoftware | 1 Abduction Stacker Free | 2024-08-06 | N/A |
The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5562 | 1 Coles Credit Cards | 1 Coles Credit Card App | 2024-08-06 | N/A |
The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5534 | 1 Appministry | 1 Princess Shopping | 2024-08-06 | N/A |
The Princess Shopping (aka air.android.PrincessShopping) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5419 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2024-08-06 | N/A |
GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. | ||||
CVE-2014-5413 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2024-08-06 | N/A |
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | ||||
CVE-2014-5444 | 1 Yorba | 1 Geary | 2024-08-06 | N/A |
Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | ||||
CVE-2014-5369 | 1 Enigmail | 1 Enigmail | 2024-08-06 | N/A |
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2014-5386 | 1 Facebook | 1 Hiphop Virtual Machine | 2024-08-06 | N/A |
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | ||||
CVE-2014-5403 | 1 Hospira | 1 Mednet | 2024-08-06 | N/A |
Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
CVE-2014-5323 | 1 Yukoyuko | 1 Yuko Yuko | 2024-08-06 | N/A |
The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5321 | 1 Filemaker | 2 Filemaker Pro, Filemaker Pro Advanced | 2024-08-06 | N/A |
FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2319. | ||||
CVE-2014-5239 | 1 Microsoft | 1 Outlook.com | 2024-08-06 | N/A |
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-5171 | 1 Sap | 1 Hana Extended Application Services | 2024-08-06 | N/A |
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. | ||||
CVE-2014-5075 | 2 Igniterealtime, Redhat | 2 Smack Api, Jboss Fuse | 2024-08-06 | N/A |
The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |