Export limit exceeded: 363299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0869 1 Ibm 2 Algo Credit Limits, Algorithmics 2025-04-12 N/A
The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.
CVE-2014-9037 3 Debian, Mageia Project, Wordpress 3 Debian Linux, Mageia, Wordpress 2025-04-12 N/A
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.
CVE-2016-5084 1 Animas 2 Onetouch Ping, Onetouch Ping Firmware 2025-04-12 N/A
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-5239 1 Microsoft 1 Outlook.com 2025-04-12 N/A
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-1584 1 Mozilla 1 Firefox 2025-04-12 N/A
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
CVE-2014-5369 1 Enigmail 1 Enigmail 2025-04-12 N/A
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-7310 1 Ali Visual Project 1 Ali Visual 2025-04-12 N/A
The Ali Visual (aka com.ali.visual) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7345 1 Diychatroom 1 Diychatroom 2025-04-12 N/A
The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5536 1 Bashgaming 1 Bingo Bash Free Bingo Casino 2025-04-12 N/A
The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5545 1 Torrnad0 1 Sprint Jump 2025-04-12 N/A
The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5546 1 Little Games 1 Africa Memory 2025-04-12 N/A
The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5549 1 Starluxstudios 1 Puppy Slots 2025-04-12 N/A
The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7351 1 Magzter 1 Global Movie Magazine 2025-04-12 N/A
The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5550 1 Ilearnwith 1 Animals\! Kids Preschool Games 2025-04-12 N/A
The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5985 1 Topappsbuilder Project 1 Animal Kaiser Zangetsu 2025-04-12 N/A
The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5599 1 Withhive 1 Tiny Farm 2025-04-12 N/A
The Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.android.common) application 2.02.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7361 1 Emunching 1 Harry\'s Pub 2025-04-12 N/A
The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5600 1 Familyconnect Project 1 Familyconnect 2025-04-12 N/A
The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5601 1 1800contacts 1 1800contacts App 2025-04-12 N/A
The 1800CONTACTS App (aka com.contacts1800.ecomapp) application 2.7.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5603 1 Deskroll 1 Deskroll Remote Desktop 2025-04-12 N/A
The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.