Search Results (4595 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6983 1 Nbe 1 Nbe 2025-04-12 N/A
The NBE (aka com.nbe.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6984 1 Shots 1 Shots 2025-04-12 N/A
The Shots (aka com.shots.android) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6985 1 Gcspublishing 1 Georgia Packing 2025-04-12 N/A
The Georgia Packing (aka com.tapatalk.georgiapackingorg) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6988 1 Lumberapps 1 Quotes In Images 2025-04-12 N/A
The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0164 1 Redhat 1 Openshift 2025-04-12 N/A
openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file.
CVE-2014-6991 1 Liveauctions 1 Liveauctions.tv 2025-04-12 N/A
The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7033 1 Livezilla 1 Livezilla 2025-04-12 N/A
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.
CVE-2013-7041 1 Cristian Gafton 1 Pam Userdb 2025-04-12 N/A
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVE-2014-6995 1 Adidas 1 Adidas Eyewear 2025-04-12 N/A
The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7019 1 Blynk 1 Clarks Inn 2025-04-12 N/A
The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7020 1 Diabetes 1 Diabetes Forum 2025-04-12 N/A
The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application 3.9.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7021 1 Leg Surgery - Kids Games Project 1 Leg Surgery - Kids Games 2025-04-12 N/A
The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7022 1 Modelisme 1 Modelisme.com Forum\/portail 2025-04-12 N/A
The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application 3.6.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7025 1 Whoisit 1 Who-is-it\? Lite Name Caller Time Limited Free 2025-04-12 N/A
The Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-4449 1 Apple 1 Iphone Os 2025-04-12 N/A
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7085 1 Independent 1 I Newspaper 2025-04-12 N/A
The i Newspaper (aka com.independent.thei) application @7F080184 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7101 1 Nobexrc 1 Talk Radio Europe 2025-04-12 N/A
The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2001 1 Jreast 1 Jr East Japan 2025-04-12 N/A
The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.
CVE-2014-7103 1 Oskarshamnsliv Project 1 Oskarshamnsliv 2025-04-12 N/A
The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2046 1 Broadcom 2 Pipa C211, Pipa C211 Web Interface 2025-04-12 N/A
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.