Search Results (4603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3403 1 Cisco 1 Ios Xe 2025-04-12 N/A
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
CVE-2014-7468 1 Ag-klettern-odenwald 1 Ag Klettern Odenwald 2025-04-12 N/A
The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3436 1 Symantec 2 Encryption Desktop, Pgp Desktop 2025-04-12 N/A
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
CVE-2014-7402 1 Encardirect 1 Sk Encar 2025-04-12 N/A
The SK encar (aka com.encardirect.app) application @7F050000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7517 1 Myanmar Movies Hd Project 1 Myanmar Movies Hd 2025-04-12 N/A
The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7589 1 Icbc 1 Industrial And Commercial Bank Of China 2025-04-12 N/A
The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7604 1 Easy Tips For Glowing Skin Project 1 Easy Tips For Glowing Skin 2025-04-12 N/A
The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7620 1 Authorsontourlive 1 Authors On Tour - Live\! 2025-04-12 N/A
The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7452 1 Shaklee Product Catalog Project 1 Shaklee Product Catalog 2025-04-12 N/A
The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7437 1 Love Horoscope Guide Project 1 Love Horoscope Guide 2025-04-12 N/A
The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-2323 1 Fortinet 1 Fortios 2025-04-12 N/A
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets.
CVE-2014-7423 1 Magzter 1 Youth Incorporated 2025-04-12 N/A
The Youth Incorporated (aka com.magzter.youthincorporated) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2012-5583 1 Apereo 1 Phpcas 2025-04-12 N/A
phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-7364 1 Promotionalshop 1 Promotional Items 2025-04-12 N/A
The Promotional Items (aka com.wPromotionalItems) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7340 1 Pocketmags 1 Old Bike Mart 2025-04-12 N/A
The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F08017E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7323 1 Magzter 1 Dignity Dialogue 2025-04-12 N/A
The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-9037 3 Debian, Mageia Project, Wordpress 3 Debian Linux, Mageia, Wordpress 2025-04-12 N/A
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
CVE-2014-7316 1 Synrevoice 1 Safe Arrival 2025-04-12 N/A
The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7120 1 Pocketmags 1 Model Laboratory 2025-04-12 N/A
The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7408 1 F5 1 Big-ip Analytics 2025-04-12 N/A
F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value.