Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1976 | 1 Yumenomachi | 1 Demaecan | 2014-03-18 | 5.8 MEDIUM | N/A |
| The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4579 | 1 Linux | 1 Linux Kernel | 2014-03-16 | 4.3 MEDIUM | N/A |
| The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a Wi-Fi device is listening, which allows remote attackers to discover the original MAC address after spoofing by sending a series of packets to MAC addresses with certain bit manipulations. | |||||
| CVE-2014-2319 | 1 Powerarchiver | 1 Powerarchiver | 2014-03-14 | 5.0 MEDIUM | N/A |
| The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. | |||||
| CVE-2013-3712 | 1 Suse | 2 Studio Extension For System Z, Studio Onsite | 2014-03-10 | 10.0 HIGH | N/A |
| SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors. | |||||
| CVE-2013-1921 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2014-03-08 | 1.9 LOW | N/A |
| PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file. | |||||
| CVE-2013-6950 | 1 Belkin | 1 Wemo Home Automation Firmware | 2014-03-06 | 7.8 HIGH | N/A |
| The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution server. | |||||
| CVE-2013-6952 | 1 Belkin | 1 Wemo Home Automation Firmware | 2014-03-06 | 10.0 HIGH | N/A |
| The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data. | |||||
| CVE-2011-3589 | 1 Redhat | 1 Kexec-tools | 2014-03-06 | 5.7 MEDIUM | N/A |
| The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, uses world-readable permissions for vmcore files, which allows local users to obtain sensitive information by inspecting the file content, as demonstrated by a search for a root SSH key. | |||||
| CVE-2011-3590 | 1 Redhat | 1 Kexec-tools | 2014-03-06 | 5.7 MEDIUM | N/A |
| The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive information by inspecting the file content. | |||||
| CVE-2011-3588 | 1 Redhat | 1 Kexec-tools | 2014-03-06 | 5.7 MEDIUM | N/A |
| The SSH configuration in the Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, disables the StrictHostKeyChecking option, which allows man-in-the-middle attackers to spoof kdump servers, and obtain sensitive core information, by using an arbitrary SSH key. | |||||
| CVE-2013-2319 | 1 Filemaker | 2 Filemaker Pro, Filemaker Pro Advanced | 2014-03-05 | 5.8 MEDIUM | N/A |
| FileMaker Pro before 12 and Pro Advanced before 12 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-1251 | 1 Opera | 1 Opera Browser | 2014-03-05 | 5.8 MEDIUM | N/A |
| Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-3641 | 1 Pizzahut | 1 Pizza Hut Japan Official Order Application | 2014-03-05 | 5.8 MEDIUM | N/A |
| The Pizza Hut Japan Official Order application before 1.1.1.a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4699 | 1 Yahoo | 1 Yafuoku\! | 2014-03-05 | 5.8 MEDIUM | N/A |
| The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4700 | 1 Yahoo | 1 Japan Shopping | 2014-03-05 | 5.8 MEDIUM | N/A |
| The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-1651 | 1 Open-xchange | 1 Open-xchange Server | 2014-03-05 | 5.8 MEDIUM | N/A |
| OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate. | |||||
| CVE-2013-1228 | 1 Cisco | 1 Jabber | 2014-03-05 | 4.3 MEDIUM | N/A |
| Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280. | |||||
| CVE-2013-5999 | 1 Kingsoft | 1 Kdrive | 2014-03-05 | 5.8 MEDIUM | N/A |
| Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1967 | 1 7andi-fs.co | 1 Denny\'s | 2014-02-27 | 5.8 MEDIUM | N/A |
| The Denny's application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6812 | 1 Nextdc | 1 Onedc | 2014-02-27 | 5.8 MEDIUM | N/A |
| The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||