Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7015 1 Jjmatch 1 Jj Texas Hold\'em Poker 2025-04-12 N/A
The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7016 1 Mahasna Batik Project 1 Mahasna Batik 2025-04-12 N/A
The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7018 1 Efunfun 1 Love Dance 2025-04-12 N/A
The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application 1.2.0626 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7023 1 Find Color Project 1 Find Color 2025-04-12 N/A
The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7027 1 Pimpstore 1 Esercizi Per Le Donne 2025-04-12 N/A
The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-9742 1 Botan Project 1 Botan 2025-04-12 N/A
The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x before 1.11.9 improperly uses a single random base, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a DH group.
CVE-2015-0118 1 Ibm 2 Integration Bus, Websphere Message Broker 2025-04-12 N/A
IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node.
CVE-2015-0138 2 Ibm, Redhat 3 Tivoli Directory Server, Network Satellite, Rhel Extras 2025-04-12 N/A
GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before 6.0.0.73-ISS-ITDS-IF0073, 6.1 before 6.1.0.66-ISS-ITDS-IF0066, 6.2 before 6.2.0.42-ISS-ITDS-IF0042, and 6.3 before 6.3.0.35-ISS-ITDS-IF0035 and IBM Security Directory Server (ISDS) 6.3.1 before 6.3.1.9-ISS-ISDS-IF0009 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
CVE-2015-6932 1 Vmware 1 Vcenter Server 2025-04-12 N/A
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-2053 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c.
CVE-2016-2107 8 Canonical, Debian, Google and 5 more 18 Ubuntu Linux, Debian Linux, Android and 15 more 2025-04-12 5.9 Medium
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169.
CVE-2015-1355 1 Siemens 1 Simatic Step 7 2025-04-12 N/A
Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack.
CVE-2015-1358 1 Siemens 1 Wincc 2025-04-12 N/A
The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime functionality in SIMATIC WinCC flexible before 2008 SP3 Up7 does not properly encrypt credentials in transit, which makes it easier for remote attackers to determine cleartext credentials by sniffing the network and conducting a decryption attack.
CVE-2015-1453 1 Fortinet 1 Forticlient 2025-04-12 N/A
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
CVE-2015-1454 1 Bluecoat 2 Proxyclient, Unified Agent 2025-04-12 N/A
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.
CVE-2015-1570 1 Fortinet 1 Forticlient 2025-04-12 N/A
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate.
CVE-2015-1571 1 Fortinet 1 Fortios 2025-04-12 N/A
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack.
CVE-2015-8281 1 Samsung 1 Web Viewer 2025-04-12 N/A
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations.
CVE-2015-1672 1 Microsoft 1 .net Framework 2025-04-12 N/A
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka ".NET XML Decryption Denial of Service Vulnerability."
CVE-2014-5938 1 Alldealsasia 1 Alldealsasia All Deals Ada App 2025-04-12 N/A
The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.