Total
2502 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8642 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. | ||||
| CVE-2014-9742 | 1 Botan Project | 1 Botan | 2025-04-12 | N/A |
| The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group. | ||||
| CVE-2015-5012 | 1 Ibm | 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2025-04-12 | N/A |
| The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | ||||
| CVE-2015-0118 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | N/A |
| IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node. | ||||
| CVE-2015-3610 | 1 Siemens | 1 Homecontrol For Room Automation | 2025-04-12 | N/A |
| The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate. | ||||
| CVE-2014-7789 | 1 Zillionmuslims | 1 Zillion Muslims | 2025-04-12 | N/A |
| The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7793 | 1 Cb - Calciatori Brutti Project | 1 Cb - Calciatori Brutti | 2025-04-12 | N/A |
| The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7794 | 1 Narr8 | 1 Knights Of The Void | 2025-04-12 | N/A |
| The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7799 | 1 Squishy Birds Project | 1 Squishy Birds | 2025-04-12 | N/A |
| The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7800 | 1 Daily Green Project | 1 Daily Green | 2025-04-12 | N/A |
| The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7802 | 1 Appa-apps | 1 Top Roller Coasters Europe 2 | 2025-04-12 | N/A |
| The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7804 | 1 Apptreestudios | 1 Gangsta Auto Thief Iii | 2025-04-12 | N/A |
| The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-8538 | 1 Hijabmodern | 1 Hijab Modern | 2025-04-12 | N/A |
| The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-1129 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | ||||
| CVE-2015-1145 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | ||||
| CVE-2015-4288 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2025-04-12 | N/A |
| The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | ||||
| CVE-2015-1355 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | ||||
| CVE-2012-5583 | 1 Apereo | 1 Phpcas | 2025-04-12 | N/A |
| phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5662 | 1 Paul Mattes | 1 X3270 | 2025-04-12 | N/A |
| x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-6107 | 1 Apache | 1 Apache Axis2\/c | 2025-04-12 | N/A |
| Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||