Lucene search
K

12 matches found

Cvelist
Cvelist
added 2014/10/20 10:0 a.m.17 views

CVE-2014-7598

The Poker Puzzle aka com.sharpiq.pokerpuzzle application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2014/10/19 10:55 a.m.11 views

CVE-2014-7430

The Flood-It aka com.appspot.eoltek.flood application 4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/10/19 10:0 a.m.21 views

CVE-2014-7354

The Penumbra eMag aka com.magzter.penumbraemag application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/09/30 10:0 a.m.18 views

CVE-2014-6824

The kamkomesan aka com.anek.kamkomesan application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.9AI score0.00266EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2014/09/29 8:11 p.m.6 views

CXF: SSL hostname verification bypass, incomplete CVE-2012-6153 fix

It was found that the fix for CVE-2012-6153 was incomplete: the code added to check that the server hostname matches the domain name in a subject's Common Name CN field in X.509 certificates was flawed. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially...

5.8CVSS6.7AI score0.09149EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2013/11/20 4:37 p.m.5 views

python: hostname check bypassing vulnerability in SSL module

The ssl.matchhostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...

4.3CVSS6.9AI score0.05347EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2012/06/04 12:0 a.m.7 views

Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704)

The host is installed with Microsoft Windows operating system and is prone to digital certificates spoofing vulnerability. OpenVAS Vulnerability Test $Id: gbunauthdigitalcertspoofingvuln.nasl 5341 2017-02-18 16:59:12Z cfi $ Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerabilit...

7.2AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2010/03/31 6:0 p.m.23 views

CVE-2010-1194

The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

6.8CVSS5.9AI score0.01176EPSS
Exploits0References2
securityvulns
securityvulns
added 2009/10/20 12:0 a.m.48 views

PHP multiple security vulnerabilities

Certificates spoofing, memory corruptions on images parsing, information leakage...

9.3CVSS2.9AI score0.1021EPSS
Exploits1References4Affected Software1
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.31 views

xmltooling / opensaml / Shibboleth multiple security vulnerabilities

Certificates spoofing, memory corruption...

2AI score
Exploits0References2Affected Software1
CVE
CVE
added 2005/07/14 4:0 a.m.46 views

CVE-2001-1568

The CVE-2001-1568 issue affects the CMG WAP gateway, where the system fails to verify the fully qualified domain name in the URL against X.509 certificates issued by root CAs. This hostname verification gap enables remote attackers to perform a man-in-the-middle attack to spoof SSL certificates, ...

6.4CVSS6.9AI score0.00682EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2005/05/02 4:0 a.m.3 views

DEBIAN-CVE-2005-0238

The International Domain Name IDN support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

5CVSS6.9AI score0.01552EPSS
Exploits1References1
Rows per page
Query Builder