| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. |
| The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which allows remote attackers to cause a denial of service (connection blocking) by keeping a connection open. |
| Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C uses a hash of a predictable sequence, which makes it easier for remote attackers to guess the console access URL via a brute force attack. |
| The russiananime (aka com.rareartifact.russiananime68A5CCFE) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before IFIX 2, and 10.2.1 before FP1 allows local users to obtain sensitive cleartext information by leveraging knowledge of a static decryption key. |
| Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. |
| The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. |
| WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. |
| wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate. |
| Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing. |
| CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount. |
| The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. |
| Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. |
| The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Gameloft library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
