ReportizFlow
Filtered by vendor
Subscriptions
Total
2505 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2323 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets. | ||||
| CVE-2016-1948 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. | ||||
| CVE-2014-5763 | 1 Zoodles | 1 Kid Mode\ | 2025-04-12 | N/A |
| The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application 4.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-3903 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls over SSL, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5664 | 1 Mobilityware | 1 Spider Solitaire | 2025-04-12 | N/A |
| The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-4637 | 1 F5 | 4 Big-iq Adc, Big-iq Cloud, Big-iq Device and 1 more | 2025-04-12 | N/A |
| The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. | ||||
| CVE-2016-10099 | 1 Borg Project | 1 Borg | 2025-04-12 | N/A |
| Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives. | ||||
| CVE-2014-5764 | 1 Nq | 1 Antivirus Free | 2025-04-12 | N/A |
| The Antivirus Free (aka com.zrgiu.antivirus) application 7.2.16.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7616 | 1 Physicsforums | 1 Physics Forums | 2025-04-12 | N/A |
| The Physics Forums (aka com.tapatalk.physicsforumscom) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7618 | 1 Moderndecoration | 1 Interior Design | 2025-04-12 | N/A |
| The Interior Design (aka com.interior.design.mcreda) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7620 | 1 Authorsontourlive | 1 Authors On Tour - Live\! | 2025-04-12 | N/A |
| The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7621 | 1 Ein Lookup Project | 1 Ein Lookup | 2025-04-12 | N/A |
| The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7626 | 1 Atme | 1 Atme | 2025-04-12 | N/A |
| The Atme (aka com.bedigital.atme) application 1.0.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7628 | 1 Priorswood | 1 Acorn Comms | 2025-04-12 | N/A |
| The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6911 | 1 Diziturky | 1 Diziturky Hd 2015 | 2025-04-12 | N/A |
| The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7638 | 1 Nobexrc | 1 Fabuestereo 88.1 Fm | 2025-04-12 | N/A |
| The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7646 | 1 Buzztouch | 1 Emt-paramedic Lite | 2025-04-12 | N/A |
| The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | N/A |
| Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | ||||
| CVE-2015-2471 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | N/A |
| Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. | ||||
| CVE-2014-0351 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. | ||||