Total
2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-4896 | 1 Mobileappspartner | 1 Parque Imperial | 2024-08-06 | N/A |
The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-4887 | 1 Nobexrc | 1 Joint Radio Blues | 2024-08-06 | N/A |
The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-4905 | 1 Cleaninternet | 1 Clean Internet Browser | 2024-08-06 | N/A |
The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-4630 | 1 Dell | 2 Bsafe Micro-edition-suite, Bsafe Ssl-j | 2024-08-06 | N/A |
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | ||||
CVE-2014-4623 | 1 Emc | 1 Avamar | 2024-08-06 | N/A |
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack. | ||||
CVE-2014-4632 | 1 Vmware | 1 Vsphere Data Protection | 2024-08-06 | N/A |
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. | ||||
CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-4391 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource. | ||||
CVE-2014-4430 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. | ||||
CVE-2014-4448 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID. | ||||
CVE-2014-4447 | 1 Apple | 1 Os X Server | 2024-08-06 | N/A |
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. | ||||
CVE-2014-4428 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. | ||||
CVE-2014-4432 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | ||||
CVE-2014-4422 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers. | ||||
CVE-2014-4352 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | ||||
CVE-2014-4364 | 1 Apple | 2 Iphone Os, Tvos | 2024-08-06 | N/A |
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash. | ||||
CVE-2014-4193 | 1 Dell | 1 Bsafe Share | 2024-08-06 | N/A |
The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755. | ||||
CVE-2014-4040 | 2 Powerpc-utils Project, Redhat | 2 Powerpc-utils, Enterprise Linux | 2024-08-06 | N/A |
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream. | ||||
CVE-2014-3908 | 1 Amazon | 1 Kindle | 2024-08-06 | N/A |
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-3902 | 1 Cyberagent | 1 Ameba | 2024-08-06 | N/A |
The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |