Search Results (2511 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6445 1 Redhat 1 Enterprise Mrg 2025-04-12 N/A
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
CVE-2014-7750 1 Pocketmags 1 Taster Magazine 2025-04-12 N/A
The Taster Magazine (aka com.magazinecloner.taster) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7752 1 Nasioc 1 Nasioc 2025-04-12 N/A
The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-6371 3 Fedoraproject, Json-c, Redhat 3 Fedora, Json-c, Enterprise Linux 2025-04-12 N/A
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
CVE-2014-7745 1 133 1 Flight Manager 2025-04-12 N/A
The Flight Manager (aka com.flightmanager.view) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7746 1 Pocketmags 1 Fusion Flowers - Weddings 2025-04-12 N/A
The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7749 1 Intsig 1 Camdictionary 2025-04-12 N/A
The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-7270 1 Microsoft 1 .net Framework 2025-04-12 N/A
The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability."
CVE-2014-0361 1 Toshibacommerce 1 4690 Point Of Sale Operating System 2025-04-12 N/A
The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file.
CVE-2014-0848 1 Ibm 1 Netezza Performance Portal 2025-04-12 N/A
The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server component in IBM Netezza Performance Portal 2.0 before 2.0.0.4 have weak SSLCipherSuite values, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
CVE-2013-4346 2 Redhat, Urbanairship 3 Satellite, Satellite Capsule, Python-oauth2 2025-04-12 N/A
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
CVE-2013-6807 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses.
CVE-2014-7646 1 Buzztouch 1 Emt-paramedic Lite 2025-04-12 N/A
The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7033 1 Livezilla 1 Livezilla 2025-04-12 N/A
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.
CVE-2014-7650 1 Ashok88 1 Jja- Juvenile Justice Act 1986 2025-04-12 N/A
The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-6899 1 Huawei 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more 2025-04-12 N/A
The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm.
CVE-2014-0036 1 Amos Benari 1 Rbovirt 2025-04-12 N/A
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
CVE-2013-6805 1 Opentext 1 Exceed Ondemand 2025-04-12 N/A
OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file.
CVE-2014-0936 1 Ibm 1 Security Appscan Source 2025-04-12 N/A
IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-0860 1 Ibm 6 Advanced Management Module, Advanced Management Module Firmware, Integrated Management Module and 3 more 2025-04-12 N/A
The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface.