Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8281 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 7.8 HIGH | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. | |||||
| CVE-2014-3260 | 1 Pacom | 2 1000 Ccu Gms, Rtu Gms | 2015-12-31 | 6.8 MEDIUM | 7.5 HIGH |
| Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography. | |||||
| CVE-2014-5881 | 1 Yahoo | 1 Yahoo Ybox | 2015-12-18 | 5.4 MEDIUM | N/A |
| The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4911 | 2 Debian, Polarssl | 2 Debian Linux, Polarssl | 2015-12-04 | 5.0 MEDIUM | N/A |
| The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. | |||||
| CVE-2014-5239 | 1 Microsoft | 1 Outlook.com | 2015-12-04 | 4.0 MEDIUM | N/A |
| The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1453 | 1 Fortinet | 1 Forticlient | 2015-11-30 | 5.0 MEDIUM | N/A |
| The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences. | |||||
| CVE-2015-7286 | 1 Csl Dualcom | 2 Gprs, Gprs Cs2300-r Firmware | 2015-11-27 | 6.4 MEDIUM | N/A |
| CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic. | |||||
| CVE-2014-5848 | 1 Iqnect | 1 Dubstep Hero | 2015-11-10 | 5.4 MEDIUM | N/A |
| The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5655 | 1 Adways | 1 Party Track Sdk | 2015-11-10 | 5.8 MEDIUM | N/A |
| The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5717 | 1 Siemens | 1 Compas | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5578 | 1 Trading 212 | 1 Trading 212 Forex | 2015-11-04 | 5.4 MEDIUM | N/A |
| The Trading 212 FOREX (aka com.avuscapital.trading212) application before 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1910 | 1 Citrix | 2 Sharefile Mobile, Sharefile Mobile For Tablets | 2015-11-04 | 5.8 MEDIUM | N/A |
| Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 for Android do not verify X.509 certificates from SSL servers, which allow man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0103 | 2 Fedoraproject, Zarafa | 3 Fedora, Webapp, Zarafa | 2015-11-04 | 2.1 LOW | N/A |
| WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. | |||||
| CVE-2012-5811 | 1 Breezy | 1 Breezy | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2013-4669 | 5 Apple, Fortinet, Google and 2 more | 7 Mac Os X, Forticlient, Forticlient Lite and 4 more | 2015-11-04 | 5.4 MEDIUM | N/A |
| FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem. | |||||
| CVE-2012-5809 | 1 Groupon | 1 Groupon Merchants | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2015-6033 | 1 Qolsys | 1 Iq Panel | 2015-11-02 | 9.3 HIGH | N/A |
| Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update. | |||||
| CVE-2011-2223 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2015-10-29 | 5.0 MEDIUM | N/A |
| The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2015-1934 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2015-10-05 | 5.0 MEDIUM | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file. | |||||
| CVE-2015-1129 | 1 Apple | 2 Iphone Os, Safari | 2015-09-29 | 4.3 MEDIUM | N/A |
| Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site. | |||||