Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6872 | 1 Ttnetmuzik | 1 Ttnet Muzik | 2025-04-12 | 5.4 MEDIUM | N/A |
| The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6883 | 1 Cnn | 1 Cnnmoney Portfolio For Stocks | 2025-04-12 | 5.4 MEDIUM | N/A |
| The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7066 | 1 Magzter | 1 Legalera | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LegalEra (aka com.magzter.legalera) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6824 | 1 Kamkomesan Project | 1 Kamkomesan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7535 | 1 Pocketmags | 1 Classic Racer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5551 | 1 Ilearnwith | 1 Alphabet \& Spelling Kids Games | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7787 | 1 Synapse | 1 Ishuttle | 2025-04-12 | 5.4 MEDIUM | N/A |
| The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7038 | 1 Al Jazeera Project | 1 Al Jazeera | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6867 | 1 Sortir-en-alsace | 1 Sortir En Alsace | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Sortir en Alsace (aka com.axessweb.sortirenalsace) application 0.5b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5588 | 1 Free Ebooks Project | 1 Free Ebooks | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2011-3685 | 1 Tembria | 1 Server Monitor | 2025-04-11 | 1.9 LOW | N/A |
| Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution cipher to encrypt application credentials, which allows local users to obtain sensitive information by leveraging read access to (1) authentication.dat or (2) XML files in the Exports directory. | |||||
| CVE-2010-3869 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2025-04-11 | 4.0 MEDIUM | N/A |
| Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN. | |||||
| CVE-2012-0381 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-11 | 7.8 HIGH | 7.5 HIGH |
| The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.2.xSG before 3.2.2SG allows remote attackers to cause a denial of service (device reload) by sending IKE UDP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCts38429. | |||||
| CVE-2013-6169 | 1 Process-one | 1 Ejabberd | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. | |||||
| CVE-2013-1921 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 1.9 LOW | N/A |
| PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. | |||||
| CVE-2012-4115 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 5.8 MEDIUM | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. | |||||
| CVE-2011-1128 | 1 Simplemachines | 1 Smf | 2025-04-11 | 7.5 HIGH | N/A |
| The loadUserSettings function in Load.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly handle invalid login attempts, which might make it easier for remote attackers to obtain access or cause a denial of service via a brute-force attack. | |||||
| CVE-2013-1740 | 1 Mozilla | 1 Network Security Services | 2025-04-11 | 5.8 MEDIUM | N/A |
| The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. | |||||
| CVE-2012-5936 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2009-5014 | 1 Turbogears | 1 Turbogears2 | 2025-04-11 | 7.5 HIGH | N/A |
| The default quickstart configuration of TurboGears2 (aka tg2) before 2.0.2 has a weak cookie salt, which makes it easier for remote attackers to bypass repoze.who authentication via a forged authorization cookie, a related issue to CVE-2010-3852. | |||||