Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4448 1 Apple 1 Iphone Os 2026-06-17 1.9 LOW N/A
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.
CVE-2014-4447 1 Apple 1 Os X Server 2026-06-17 1.9 LOW N/A
Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs.
CVE-2014-4432 1 Apple 1 Mac Os X 2026-06-17 4.7 MEDIUM N/A
fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement.
CVE-2014-4430 1 Apple 1 Mac Os X 2026-06-17 4.7 MEDIUM N/A
CoreStorage in Apple OS X before 10.10 retains a volume's encryption keys upon an eject action in the unlocked state, which makes it easier for physically proximate attackers to obtain cleartext data via a remount.
CVE-2014-4428 1 Apple 1 Mac Os X 2026-06-17 5.4 MEDIUM N/A
Bluetooth in Apple OS X before 10.10 does not require encryption for HID Low Energy devices, which allows remote attackers to spoof a device by leveraging previous pairing.
CVE-2014-4422 1 Apple 2 Iphone Os, Tvos 2026-06-17 6.8 MEDIUM 8.1 HIGH
The kernel in Apple iOS before 8 and Apple TV before 7 uses a predictable random number generator during the early portion of the boot process, which allows attackers to bypass certain kernel-hardening protection mechanisms by using a user-space process to observe data related to the random numbers.
CVE-2014-4391 1 Apple 1 Mac Os X 2026-06-17 6.8 MEDIUM N/A
The Code Signing feature in Apple OS X before 10.10 does not properly handle incomplete resource envelopes in signed bundles, which allows remote attackers to bypass intended app-author restrictions by omitting an execution-related resource.
CVE-2014-4364 1 Apple 2 Iphone Os, Tvos 2026-06-17 2.9 LOW 5.6 MEDIUM
The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does not require strong authentication methods, which allows remote attackers to calculate credentials by offering LEAP authentication from a crafted Wi-Fi AP and then performing a cryptographic attack against the MS-CHAPv1 hash.
CVE-2014-4352 1 Apple 1 Iphone Os 2026-06-17 2.1 LOW N/A
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.
CVE-2014-4193 1 Dell 1 Bsafe Share 2026-06-17 5.0 MEDIUM N/A
The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755.
CVE-2014-4192 1 Dell 1 Bsafe Share 2026-06-17 5.0 MEDIUM N/A
The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
CVE-2014-4191 1 Dell 1 Bsafe Share 2026-06-17 5.0 MEDIUM N/A
The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755.
CVE-2014-4040 1 Powerpc-utils Project 1 Powerpc-utils 2026-06-17 5.0 MEDIUM N/A
snap in powerpc-utils 1.2.20 produces an archive with fstab and yaboot.conf files potentially containing cleartext passwords, and lacks a warning about reviewing this archive to detect included passwords, which might allow remote attackers to obtain sensitive information by leveraging access to a technical-support data stream.
CVE-2014-3908 1 Amazon 1 Kindle 2026-06-17 5.8 MEDIUM N/A
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3902 1 Cyberagent 1 Ameba 2026-06-17 5.8 MEDIUM N/A
The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3812 1 Juniper 18 Fips Infranet Controller 6500, Fips Secure Access 4000, Fips Secure Access 4500 and 15 more 2026-06-17 5.0 MEDIUM N/A
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-3750 1 Bilyoner 1 Bilyoner 2026-06-17 5.8 MEDIUM N/A
The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3694 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more 2026-06-17 6.4 MEDIUM N/A
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-3691 2 Redhat, Theforeman 2 Openstack, Foreman 2026-06-17 7.5 HIGH N/A
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate.
CVE-2014-3620 2 Apple, Haxx 3 Mac Os X, Curl, Libcurl 2026-06-17 5.0 MEDIUM N/A
cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.