Vulnerabilities (CVE)

Filtered by CWE-310
Total 2472 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-3613 2 Apple, Haxx 3 Mac Os X, Curl, Libcurl 2026-06-17 5.0 MEDIUM N/A
cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.
CVE-2014-3604 1 Not Yet Commons Ssl Project 1 Not Yet Commons Ssl 2026-06-17 6.8 MEDIUM N/A
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-3572 1 Openssl 1 Openssl 2026-06-17 5.0 MEDIUM N/A
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message.
CVE-2014-3570 1 Openssl 1 Openssl 2026-06-17 5.0 MEDIUM N/A
The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c.
CVE-2014-3568 1 Openssl 1 Openssl 2026-06-17 4.3 MEDIUM N/A
OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j does not properly enforce the no-ssl3 build option, which allows remote attackers to bypass intended access restrictions via an SSL 3.0 handshake, related to s23_clnt.c and s23_srvr.c.
CVE-2014-3566 11 Apple, Debian, Fedoraproject and 8 more 20 Mac Os X, Debian Linux, Fedora and 17 more 2026-06-17 4.3 MEDIUM 3.4 LOW
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2014-3503 1 Apache 1 Syncope 2026-06-17 5.0 MEDIUM N/A
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.
CVE-2014-3436 1 Symantec 2 Encryption Desktop, Pgp Desktop 2026-06-17 5.0 MEDIUM N/A
Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP Desktop 10.0.x through 10.2.x, allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted encrypted e-mail message that decompresses to a larger size.
CVE-2014-3404 1 Cisco 1 Ios Xe 2026-06-17 4.3 MEDIUM N/A
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted messages, aka Bug ID CSCuq22677.
CVE-2014-3403 1 Cisco 1 Ios Xe 2026-06-17 5.0 MEDIUM N/A
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq22647.
CVE-2014-3302 1 Cisco 1 Webex Meetings Server 2026-06-17 5.8 MEDIUM N/A
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.
CVE-2014-3274 1 Cisco 1 Telepresence System Software 2026-06-17 4.3 MEDIUM N/A
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.
CVE-2014-3260 1 Pacom 2 1000 Ccu Gms, Rtu Gms 2026-06-17 6.8 MEDIUM 7.5 HIGH
Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.
CVE-2014-3093 1 Ibm 1 Powervc 2026-06-17 2.1 LOW N/A
IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext passwords in (1) api-paste.ini, (2) debug logs, (3) the installation process, (4) environment checks, (5) powervc-ldap-config, (6) powervc-restore, and (7) powervc-diag, which allows local users to obtain sensitive information by entering a ps command or reading a file.
CVE-2014-3089 1 Ibm 2 Rational Directory Administrator, Rational Directory Server 2026-06-17 4.9 MEDIUM N/A
The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file.
CVE-2014-3051 1 Ibm 1 Tivoli Composite Application Manager For Transactions 2026-06-17 4.3 MEDIUM N/A
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate.
CVE-2014-2993 1 Birebin 1 Birebin.com App 2026-06-17 6.4 MEDIUM N/A
The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2992 1 Misli 1 Misli.com App 2026-06-17 6.4 MEDIUM N/A
The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-2903 1 Wolfssl 1 Wolfssl 2026-06-17 4.3 MEDIUM 5.9 MEDIUM
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.
CVE-2014-2900 1 Yassl 1 Cyassl 2026-06-17 5.8 MEDIUM N/A
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.