Search Results (4593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5778 1 Pou 1 Pou 2025-04-12 N/A
The Pou (aka me.pou.app) application 1.4.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5779 1 Jackdapp 1 Jack\'d - Gay Chat \& Dating 2025-04-12 N/A
The Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application 1.9.0a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5786 1 Playscape 1 Jewels \& Diamonds 2025-04-12 N/A
The Jewels & Diamonds (aka mominis.Generic_Android.Jewels_and_Diamonds) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5787 1 Playscape 1 Ninja Chicken 2025-04-12 N/A
The Ninja Chicken (aka mominis.Generic_Android.Ninja_Chicken) application 1.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5790 1 Playscape 1 Pets Fun House 2025-04-12 N/A
The Pets Fun House (aka mominis.Generic_Android.Pets_Fun_House) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5791 1 Daumcorp 1 Daum Cloud 2025-04-12 N/A
The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5792 1 Drecom 1 Reign Of Dragons\ 2025-04-12 N/A
The Reign of Dragons: Build-Battle (aka net.gree.android.pf.greeapp57501) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5793 1 Mobilecraft 1 Bilgi Yarisi 2025-04-12 N/A
The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5794 1 Passion4profession 1 8 Minutes Abs Workout 2025-04-12 N/A
The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5798 1 Nonghyup 1 Smart Calculator 2025-04-12 N/A
The smart.calculator (aka nh.smart.calculator) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5799 1 Nonghyup 1 Smart Card 2025-04-12 N/A
The smart.card (aka nh.smart.card) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5800 1 Nonghyup 1 Smart Nhibzbanking 2025-04-12 N/A
The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5801 1 Ocshield 1 Datagard Vpn \+ Av 2025-04-12 N/A
The DataGard VPN + AV (aka ocshield.com) application @7F050013 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-6550 1 Bb\&t 1 The U 2025-04-12 N/A
The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0204 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-12 N/A
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
CVE-2012-5662 1 Paul Mattes 1 X3270 2025-04-12 N/A
x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-6938 1 Webizz 1 Apostilas Musicais 2025-04-12 N/A
The Apostilas musicais (aka com.apostilas) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0296 1 Microsoft 4 Windows 7, Windows 8, Windows 8.1 and 1 more 2025-04-12 N/A
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly encrypt sessions, which makes it easier for man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify session content by sending crafted RDP packets, aka "RDP MAC Vulnerability."
CVE-2014-7380 1 Apps2you 1 Cedar Kiosk 2025-04-12 N/A
The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-0848 1 Ibm 1 Netezza Performance Portal 2025-04-12 N/A
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.