Export limit exceeded: 359658 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4580 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6550 | 1 Bb\&t | 1 The U | 2025-04-12 | N/A |
| The U by BB&T app 1.5.4 and earlier for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-2053 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-12 | N/A |
| The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. | ||||
| CVE-2014-6958 | 1 Core-apps | 1 Ismrm-esmrmb 2014 | 2025-04-12 | N/A |
| The ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application 6.0.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-1067 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1637. | ||||
| CVE-2015-0285 | 1 Openssl | 1 Openssl | 2025-04-12 | N/A |
| The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before 1.0.2a does not ensure that the PRNG is seeded before proceeding with a handshake, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and then conducting a brute-force attack. | ||||
| CVE-2015-1129 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | ||||
| CVE-2014-5881 | 1 Yahoo | 1 Yahoo Ybox | 2025-04-12 | N/A |
| The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-1145 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | ||||
| CVE-2014-7948 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate. | ||||
| CVE-2015-1146 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | ||||
| CVE-2015-0282 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2025-04-12 | N/A |
| GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | ||||
| CVE-2016-5084 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2025-04-12 | N/A |
| Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-7754 | 1 Appsworld | 1 Condor S.e. | 2025-04-12 | N/A |
| The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5960 | 1 Kbv | 1 Federal Doctors | 2025-04-12 | N/A |
| The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6964 | 1 Hyonga | 1 Hanyang University Admissions | 2025-04-12 | N/A |
| The Hanyang University Admissions (aka kr.ac.hanyang.planner) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-2107 | 8 Canonical, Debian, Google and 5 more | 18 Ubuntu Linux, Debian Linux, Android and 15 more | 2025-04-12 | 5.9 Medium |
| The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | ||||
| CVE-2014-5889 | 1 Androidforums | 1 Forum For Android | 2025-04-12 | N/A |
| The Android Forums (aka com.tapatalk.androidforumscom) application 2.4.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6701 | 1 Vendormate | 1 Vendormate Mobile | 2025-04-12 | N/A |
| The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2016-6838 | 1 Huawei | 18 Ch121 V3 Server, Ch121 V3 Server Firmware, Ch140 V3 Server and 15 more | 2025-04-12 | N/A |
| Huawei X6800 and XH620 V3 servers with software before V100R003C00SPC606, RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, CH140 V3 and CH226 V3 servers with software before V100R001C00SPC122, CH220 V3 servers with software before V100R001C00SPC201, and CH121 V3 and CH222 V3 servers with software before V100R001C00SPC202 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSH encryption algorithm. | ||||
| CVE-2014-7788 | 1 Best Free Giveaways Project | 1 Best Free Giveaways | 2025-04-12 | N/A |
| The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||