Total: 2480 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-7042 | 1 Nteloswireless | 1 My Ntelos | 2024-08-06 | N/A |
The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: nTelos Wireless has indicated that this vulnerability report is incorrect. | ||||
CVE-2014-8242 | 1 Librsync Project | 1 Librsync | 2024-08-06 | N/A |
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. | ||||
CVE-2014-8275 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2024-08-06 | N/A |
OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. | ||||
CVE-2014-8243 | 1 Linksys | 20 E4200v2, E4200v2 Firmware, Ea2700 and 17 more | 2024-08-06 | N/A |
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote attackers to obtain the administrator's MD5 password hash via a direct request for the /.htpasswd URI. | ||||
CVE-2014-7991 | 1 Cisco | 1 Unified Communications Manager | 2024-08-06 | N/A |
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376. | ||||
CVE-2014-7948 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate. | ||||
CVE-2014-7968 | 1 Redhat | 3 Enterprise Linux, Rhev Manager, Virtual Desktop Service Manager | 2024-08-06 | N/A |
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. | ||||
CVE-2014-7772 | 1 Mb Tickets Project | 1 Mb Tickets | 2024-08-06 | N/A |
The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7780 | 1 Ienvisage | 1 Pakistan Cricket News | 2024-08-06 | N/A |
The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7878 | 1 Hp | 1 Helion Cloud Development Platform | 2024-08-06 | N/A |
The Application Lifecycle Service (ALS) in HP Helion Cloud Development Platform 1.0, when a virtual machine is derived from the Seed Node image, uses the same security keys across different customers' installations, which allows remote attackers to execute arbitrary code by leveraging these keys for a connection. | ||||
CVE-2014-7808 | 1 Apache | 1 Wicket | 2024-08-06 | 7.5 High |
Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 makes it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | ||||
CVE-2014-7785 | 1 Onesolutionapps | 1 Aaaa Discount Bail | 2024-08-06 | N/A |
The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7799 | 1 Squishy Birds Project | 1 Squishy Birds | 2024-08-06 | N/A |
The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7803 | 1 Onesolutionapps | 1 Woodward Bail | 2024-08-06 | N/A |
The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7776 | 1 Snaplion | 1 Kavita Ks | 2024-08-06 | N/A |
The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7798 | 1 Enyetech | 1 Coca-cola Fm Brasil | 2024-08-06 | N/A |
The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7768 | 1 Analects Of Confucius Project | 1 Analects Of Confucius | 2024-08-06 | N/A |
The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7784 | 1 Magzter | 1 Schon! Magazine | 2024-08-06 | N/A |
The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7802 | 1 Appa-apps | 1 Top Roller Coasters Europe 2 | 2024-08-06 | N/A |
The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
CVE-2014-7794 | 1 Narr8 | 1 Knights Of The Void | 2024-08-06 | N/A |
The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |