Total
2486 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4442 | 1 Pwgen Project | 1 Pwgen | 2025-04-12 | N/A |
| Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | ||||
| CVE-2014-5769 | 1 Mobiscope | 1 Mobiscope Local | 2025-04-12 | N/A |
| The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2013-4488 | 1 Libgadu | 1 Libgadu | 2025-04-12 | N/A |
| libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. | ||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2025-04-12 | 5.3 Medium |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | ||||
| CVE-2013-4595 | 1 Gordon Heydon | 1 Secure Pages | 2025-04-12 | N/A |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. | ||||
| CVE-2014-5774 | 1 Web Browser \& Explorer Project | 1 Web Browser \& Explorer | 2025-04-12 | N/A |
| The Web Browser & Explorer (aka internetexplorer.browser.webexplorer) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-4449 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5777 | 1 Cocoppa | 1 Icon Wallpaper Dressup-cocoppa | 2025-04-12 | N/A |
| The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application 2.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5779 | 1 Jackdapp | 1 Jack\'d - Gay Chat \& Dating | 2025-04-12 | N/A |
| The Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application 1.9.0a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5780 | 1 Playscape | 1 Bouncy Bill | 2025-04-12 | N/A |
| The Bouncy Bill (aka mominis.Generic_Android.Bouncy_Bill) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2010-4832 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. | ||||
| CVE-2013-6078 | 1 Emc | 2 Rsa Bsafe Toolkits, Rsa Data Protection Manager | 2025-04-12 | N/A |
| The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change. | ||||
| CVE-2013-5444 | 1 Ibm | 1 Cognos Express | 2025-04-12 | N/A |
| The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows remote attackers to read encrypted credentials via unspecified vectors. | ||||
| CVE-2013-5445 | 1 Ibm | 1 Cognos Express | 2025-04-12 | N/A |
| IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. | ||||
| CVE-2013-5468 | 1 Ibm | 1 Algo One | 2025-04-12 | N/A |
| IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-4632 | 1 Vmware | 1 Vsphere Data Protection | 2025-04-12 | N/A |
| VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 and the proxy client in EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x do not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certificate. | ||||
| CVE-2014-5788 | 1 Playscape | 1 Ninja Chicken Adventure Island | 2025-04-12 | N/A |
| The Ninja Chicken Adventure Island (aka mominis.Generic_Android.Ninja_Chicken_Adventure_Island) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5789 | 1 Playscape | 1 Ninja Chicken Ooga Booga | 2025-04-12 | N/A |
| The Ninja Chicken Ooga Booga (aka mominis.Generic_Android.Ninja_Chicken_Ooga_Booga) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-4881 | 1 Partytrack Library Project | 1 Partytrack Library | 2025-04-12 | N/A |
| The PartyTrack library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-0350 | 1 Pocoproject | 1 Poco C\+\+ Libraries | 2025-04-12 | N/A |
| The Poco::Net::X509Certificate::verify method in the NetSSL library in POCO C++ Libraries before 1.4.6p4 allows man-in-the-middle attackers to spoof SSL servers via crafted DNS PTR records that are requested during comparison of a server name to a wildcard domain name in an X.509 certificate. | ||||