Search Results (4595 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7587 1 Designtoolkits 1 Blocked In Free 2025-04-12 N/A
The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7589 1 Icbc 1 Industrial And Commercial Bank Of China 2025-04-12 N/A
The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7596 1 Paramore Project 1 Paramore 2025-04-12 N/A
The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-7270 1 Microsoft 1 .net Framework 2025-04-12 N/A
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
CVE-2014-7608 1 Carrierenterprise 1 Carrier Enterprise Hvac Assist 2025-04-12 N/A
The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7609 1 Miniclip 1 Istunt 2 2025-04-12 N/A
The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7618 1 Moderndecoration 1 Interior Design 2025-04-12 N/A
The Interior Design (aka com.interior.design.mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-8224 1 Lenovo 57 Bios, Notebook 110 14ibr, Notebook 110 14ibr Bios and 54 more 2025-04-12 N/A
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
CVE-2014-7688 1 Home Improvement Project 1 Home Improvement 2025-04-12 N/A
The Home Improvement (aka com.whomeimprovementapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7690 1 Myfone 1 Myfone Shopping 2025-04-12 N/A
The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7692 1 Rowlandsolutions 1 Lent Experience 2025-04-12 N/A
The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6646 1 Bellyhoodcom Project 1 Bellyhoodcom 2025-04-12 N/A
The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7803 1 Onesolutionapps 1 Woodward Bail 2025-04-12 N/A
The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6708 1 Sportinginnovations 1 Utah Jazz 2025-04-12 N/A
The Sporting Club Uphoria (aka com.sportinginnovations.skc) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3604 2 Not Yet Commons Ssl Project, Redhat 2 Not Yet Commons Ssl, Jboss Enterprise Soa Platform 2025-04-12 N/A
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-6735 1 Bmobile 1 Imagine Next Bmobile 2025-04-12 N/A
The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3613 3 Apple, Haxx, Redhat 4 Mac Os X, Curl, Libcurl and 1 more 2025-04-12 N/A
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
CVE-2014-6737 1 Ultimate Target-armored Sniper Project 1 Ultimate Target-armored Sniper 2025-04-12 N/A
The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6738 1 Joungouapps 1 Maccabi Tel Aviv 2025-04-12 N/A
The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-2125 1 Openbsd 1 Opensmtpd 2025-04-12 N/A
OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open.