Total
2451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8686 | 1 Codeigniter | 1 Codeigniter | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| CodeIgniter before 2.2.0 makes it easier for attackers to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available. | |||||
| CVE-2016-4457 | 1 Redhat | 1 Cloudforms Management Engine | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| CloudForms Management Engine before 5.8 includes a default SSL/TLS certificate. | |||||
| CVE-2014-8684 | 2 Codeigniter, Kohanaframework | 2 Codeigniter, Kohana | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through 3.3.2 make it easier for remote attackers to spoof session cookies and consequently conduct PHP object injection attacks by leveraging use of standard string comparison operators to compare cryptographic hashes. | |||||
| CVE-2015-8013 | 1 Openpgpjs | 1 Openpgpjs | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | |||||
| CVE-2014-8878 | 1 Kde | 1 Kmail | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2016-6329 | 1 Openvpn | 1 Openvpn | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attack. | |||||
| CVE-2015-9003 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel. | |||||
| CVE-2015-7256 | 1 Zyxel | 50 C1000z, C1000z Firmware, Fr1000z and 47 more | 2025-04-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. | |||||
| CVE-2015-9107 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key or even a salt; therefore, it's possible to create a universal decryptor. | |||||
| CVE-2014-7808 | 1 Apache | 1 Wicket | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider. | |||||
| CVE-2016-10139 | 1 Adups | 1 Adups Fota | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The two package names involved in the exfiltration are com.adups.fota and com.adups.fota.sysoper. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. Therefore, the app executing as the system user has been granted a number of powerful permissions even though they are not present in the com.adups.fota.sysoper app's AndroidManifest.xml file. This app provides the com.adups.fota app access to the user's call log, text messages, and various device identifiers through the com.adups.fota.sysoper.provider.InfoProvider component. The com.adups.fota app uses timestamps when it runs and is eligible to exfiltrate the user's PII every 72 hours. If 72 hours have passed since the value of the timestamp, then the exfiltration will be triggered by the user plugging in the device to charge or when they leave or enter a wireless network. The exfiltration occurs in the background without any user interaction. | |||||
| CVE-2014-5986 | 1 Puzzles And Matchup Games Project | 1 Educational Puzzles - Letters | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5681 | 1 Xda-developers | 1 Xda-developers | 2025-04-12 | 5.4 MEDIUM | N/A |
| The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6779 | 1 Cart-app | 1 Cart App | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cart App (aka com.virtecha.mobilewallet) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0199 | 1 Redhat | 1 Rhevm-reports | 2025-04-12 | 2.1 LOW | N/A |
| The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allows local users to obtain sensitive information by reading an unspecified file. | |||||
| CVE-2014-6914 | 1 Houcine El Jasmi Project | 1 Houcine El Jasmi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6961 | 1 Sudaninet | 1 Sudaninet | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5999 | 1 Telenavsoftware | 1 Autonavi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The autonavi (aka com.telenav.doudouyou.android.autonavi) application 4.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7612 | 1 E-kiosk | 1 E-kiosk | 2025-04-12 | 5.4 MEDIUM | N/A |
| The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7034 | 1 Senatorinn | 1 Senator Inn \& Spa | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application 1.2.2.160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||