Total
2507 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-0042 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors. | ||||
| CVE-2014-0103 | 2 Fedoraproject, Zarafa | 3 Fedora, Webapp, Zarafa | 2025-04-12 | N/A |
| WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | ||||
| CVE-2014-0164 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise 1.2.7 and 2.0.5, uses world-readable permissions for the mcollective client.cfg configuration file, which allows local users to obtain credentials and other sensitive information by reading the file. | ||||
| CVE-2014-0351 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. | ||||
| CVE-2014-7539 | 1 Zhang Zhijun Taiwan Visit 2014-06-25 Project | 1 Zhang Zhijun Taiwan Visit 2014-06-25 | 2025-04-12 | N/A |
| The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-0636 | 1 Dell | 1 Bsafe Micro-edition-suite | 2025-04-12 | N/A |
| EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. | ||||
| CVE-2014-0741 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The certificate-import feature in the Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to read or modify arbitrary files via a crafted command, aka Bug ID CSCum95461. | ||||
| CVE-2014-7550 | 1 Basketball News \& Videos Project | 1 Basketball News \& Videos | 2025-04-12 | N/A |
| The basketball news & videos (aka com.basketbal.news.caesar) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-0866 | 1 Ibm | 2 Algo Credit Limits, Algorithmics | 2025-04-12 | N/A |
| RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-0936 | 1 Ibm | 1 Security Appscan Source | 2025-04-12 | N/A |
| IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-1210 | 1 Vmware | 1 Vsphere Client | 2025-04-12 | N/A |
| VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate. | ||||
| CVE-2014-7568 | 1 Automon | 1 Marcus Butler Unofficial | 2025-04-12 | N/A |
| The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5782 | 1 Playscape | 1 Bouncy Bill Holloween | 2025-04-12 | N/A |
| The Bouncy Bill Halloween (aka mominis.Generic_Android.Bouncy_Bill_Halloween) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5792 | 1 Drecom | 1 Reign Of Dragons\ | 2025-04-12 | N/A |
| The Reign of Dragons: Build-Battle (aka net.gree.android.pf.greeapp57501) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5794 | 1 Passion4profession | 1 8 Minutes Abs Workout | 2025-04-12 | N/A |
| The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5785 | 1 Playscape | 1 Bouncy Bill World-cup | 2025-04-12 | N/A |
| The Bouncy Bill World-Cup (aka mominis.Generic_Android.Bouncy_Bill_World_Cup) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7597 | 1 Gowkster | 1 Fabulas Infantiles | 2025-04-12 | N/A |
| The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-1771 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| SChannel in Microsoft Internet Explorer 6 through 11 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "TLS Server Certificate Renegotiation Vulnerability." | ||||
| CVE-2014-5799 | 1 Nonghyup | 1 Smart Card | 2025-04-12 | N/A |
| The smart.card (aka nh.smart.card) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-2250 | 1 Siemens | 6 Simatic S7 Cpu-1211c, Simatic S7 Cpu 1200 Firmware, Simatic S7 Cpu 1212c and 3 more | 2025-04-12 | N/A |
| The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 does not have sufficient entropy, which makes it easier for remote attackers to defeat cryptographic protection mechanisms and hijack sessions via unspecified vectors, a different vulnerability than CVE-2014-2251. | ||||