Search Results (2509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1568 5 Apple, Google, Microsoft and 2 more 14 Mac Os X, Chrome, Chrome Os and 11 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.
CVE-2014-1967 1 7andi-fs.co 1 Denny\'s 2025-04-12 N/A
The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-8886 1 Avm 1 Fritz\! Os 2025-04-12 N/A
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and consequently execute arbitrary code, via a crafted firmware image.
CVE-2014-6645 1 Batch 1 Batch Library 2025-04-12 N/A
The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6662 1 Krstarica 1 Forum Krstarice 2025-04-12 N/A
The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6672 1 Friendcasterapp 1 Friendcaster 2025-04-12 N/A
The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6679 1 Wepisdparentportal Project 1 Wepisdparentportal 2025-04-12 N/A
The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6683 1 Openelectrical 1 Open Electrical Webser 2025-04-12 N/A
The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6812 1 Qmania 1 Aloha Guide 2025-04-12 N/A
The Aloha Guide (aka com.aloha.guide.english) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6711 1 Nobexrc 1 Abc Lounge Webradio 2025-04-12 N/A
The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6726 1 30a 1 30a 2025-04-12 N/A
The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6839 1 Webizz 1 Alma Corinthiana 2025-04-12 N/A
The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6741 1 Tribunenews365 1 John Macarthur 2025-04-12 N/A
The John MacArthur (aka com.john.macarthur) application 1.0.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6746 1 Infinitiusa 1 Infiniti Roadside Assistance 2025-04-12 N/A
The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2576 2 Claws-mail, Opensuse 2 Claws-mail, Opensuse 2025-04-12 N/A
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
CVE-2014-6754 1 Vector 1 Vector Outage Manager 2025-04-12 N/A
The Vector Outage Manager (aka nz.co.vector.outagemanager) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6761 1 Pimpstore 1 Aprende A Meditar 2025-04-12 N/A
The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6769 1 Mobilesoft 1 Meteo Belgique 2025-04-12 N/A
The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6771 1 Uhcu 1 United Heritage Mobile 2025-04-12 N/A
The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6776 1 Uanw 1 United Advantage Nw Federal Cr 2025-04-12 N/A
The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.