CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Semper Invicta Fitness aka com.semper.invicta.fitness application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00099EPSS

Exploits0References4

ATTACKERKB•added 2014/10/21 10:55 a.m.•3 views

CVE-2014-7733

The Karaf Magazin aka com.magzter.karafmagazin application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4CVSS5.5AI score0.00099EPSS

Exploits0References4

CVE•added 2014/10/19 1:0 a.m.•34 views

CVE-2014-7054

Summary of CVE-2014-7054 : The Android app musica de barrios sonideros (package com.nobexinc.wls_93155702.rc), version 3.3.10, does not verify X.509 certificates when connecting to SSL servers. This allows a man‑in‑the‑middle attacker to spoof servers and obtain sensitive information via a crafte...

5.4CVSS6AI score0.00134EPSS

Exploits0References3Affected Software1

Prion•added 2013/12/23 10:55 p.m.•15 views

Design/Logic Flaw

The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification CURLOPTSSLVERIFYPEER, also disables the CURLOPTSSLVERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle MITM...

4CVSS6.9AI score0.00253EPSS

Exploits0References5Affected Software3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by