Search Results (4416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7122 1 Gannett 1 Lansing State Journal Print 2025-04-12 N/A
The Lansing State Journal Print (aka com.lansingjournal.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7123 1 Vbwebdesigner 1 Brevir Harian V2 2025-04-12 N/A
The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7124 1 Consulo 1 Ip Alarm 2025-04-12 N/A
The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7127 1 Pocketmags 1 Football Espana Magazine 2025-04-12 N/A
The Football Espana magazine (aka com.triactivemedia.footballespana) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0936 1 Ibm 1 Security Appscan Source 2025-04-12 N/A
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2016-1731 1 Apple 1 Software Update 2025-04-12 N/A
Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream.
CVE-2016-1777 1 Apple 1 Mac Os X Server 2025-04-12 N/A
Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2015-1129 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.
CVE-2014-2046 1 Broadcom 2 Pipa C211, Pipa C211 Web Interface 2025-04-12 N/A
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.
CVE-2014-6939 1 Xlabz 1 Sketch W Friends Free -tablets 2025-04-12 N/A
The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6942 1 Automon 1 Alisha Marie 2025-04-12 N/A
The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6948 1 Th3professional 1 Th3 Professional Al Mohtarif 2025-04-12 N/A
The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6952 1 Manga Facts Project 1 Manga Facts 2025-04-12 N/A
The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6954 1 Deer Hunting Calls \+ Guide Project 1 Deer Hunting Calls \+ Guide 2025-04-12 N/A
The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6960 1 Sourcelink 1 Multitrac 2025-04-12 N/A
The Multitrac (aka com.multitrac) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6962 1 Publicstuff 1 Elk Grove Publicstuff 2025-04-12 N/A
The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-1469 1 Blackberry 3 Blackberry Enterprise Service, Enterprise Server, Enterprise Server Express 2025-04-12 N/A
BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise Service 10.x before 10.2.2 log cleartext credentials during exception handling, which allows local users to obtain sensitive information by reading the exception log file.
CVE-2014-6074 1 Ibm 1 Urbancode Deploy 2025-04-12 N/A
IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.
CVE-2014-6084 1 Ibm 2 Security Access Manager For Mobile, Security Access Manager For Web 2025-04-12 N/A
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak SSL cipher.
CVE-2014-6087 1 Ibm 2 Security Access Manager For Mobile, Security Access Manager For Web 2025-04-12 N/A
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 make it easier for remote attackers to obtain sensitive information by sniffing the network during use of a weak algorithm in an SSL cipher suite.