Search Results (4595 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6025 1 Chartboost 1 Chartboost Library 2025-04-12 N/A
The Chartboost library before 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0010 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.
CVE-2014-6074 1 Ibm 1 Urbancode Deploy 2025-04-12 N/A
IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.
CVE-2014-6140 1 Ibm 1 Tivoli Endpoint Manager Mobile Device Management 2025-04-12 N/A
IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal.
CVE-2014-6153 1 Ibm 1 Websphere Service Registry And Repository 2025-04-12 N/A
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2016-7270 1 Microsoft 1 .net Framework 2025-04-12 N/A
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
CVE-2014-5589 1 Nowbrowser 1 Now Browser \(material\) 2025-04-12 N/A
The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application Material for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5613 1 Entertailion 1 Able Remote 2025-04-12 N/A
The Able Remote (aka com.entertailion.android.remote) application 2.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5637 1 Jogoeusei 1 Eu Sei 2025-04-12 N/A
The Eu Sei (aka com.guilardi.eusei) application eusei_android_5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5660 1 Mymembersfirst 1 Tn Members 1st Fcu-rdc 2025-04-12 N/A
The TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-3712 1 Suse 2 Studio Extension For System Z, Studio Onsite 2025-04-12 N/A
SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
CVE-2014-5661 1 Miniclip 1 Anger Of Stick 3 2025-04-12 N/A
The Anger of Stick 3 (aka com.miniclip.angerofstick3) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2900 1 Yassl 1 Cyassl 2025-04-12 N/A
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
CVE-2014-5669 1 9gag 1 9gag - Funny Pics And Videos 2025-04-12 N/A
The 9GAG - Funny pics and videos (aka com.ninegag.android.app) application 2.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5685 1 Runtastic 1 Runtastic Heart Rate 2025-04-12 N/A
The Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2992 1 Misli 1 Misli.com App 2025-04-12 N/A
The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2993 1 Birebin 1 Birebin.com App 2025-04-12 N/A
The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-4442 1 Pwgen Project 1 Pwgen 2025-04-12 N/A
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.
CVE-2014-6707 1 7sage 1 7sage Lsat Prep - Proctor 2025-04-12 N/A
The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6709 1 Techradar News Project 1 Techradar News 2025-04-12 N/A
The TechRadar News (aka com.techradar.news) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.