Total
2460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5583 | 1 Apereo | 1 Phpcas | 2025-04-12 | 5.8 MEDIUM | N/A |
| phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-7490 | 1 Magzter | 1 Menaka - Marathi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6999 | 1 Jogoeusei | 1 Questoes Oab | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Questoes OAB (aka com.pedefeijao.questoesoab) application oab_android_1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7692 | 1 Rowlandsolutions | 1 Lent Experience | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5171 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | 2.9 LOW | N/A |
| SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network. | |||||
| CVE-2015-5012 | 1 Ibm | 3 Security Access Manager 9.0 Firmware, Security Access Manager For Web 7.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2014-6884 | 1 Ford | 1 Ford Credit Account Manager | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-6702 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | |||||
| CVE-2014-5908 | 1 Kmart | 1 Kmart | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kmart (aka com.kmart.android) application @7F0C00EF for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6699 | 1 Weather | 1 Weather Channel | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7646 | 1 Buzztouch | 1 Emt-paramedic Lite | 2025-04-12 | 5.4 MEDIUM | N/A |
| The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0351 | 1 Fortinet | 1 Fortios | 2025-04-12 | 5.4 MEDIUM | N/A |
| The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. | |||||
| CVE-2014-6798 | 1 Weeverapps | 1 Mcmaster Marauders | 2025-04-12 | 5.4 MEDIUM | N/A |
| The McMaster Marauders (aka com.weever.marauders) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4005 | 1 Huawei | 1 Hilink App | 2025-04-12 | 7.5 HIGH | 5.5 MEDIUM |
| The Huawei Hilink App application before 3.19.2 for Android does not validate SSL certificates, which allows local users to have unspecified impact via unknown vectors, aka HWPSIRT-2016-03008. | |||||
| CVE-2014-5912 | 1 Intsig | 1 Innote | 2025-04-12 | 5.4 MEDIUM | N/A |
| The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5600 | 1 Familyconnect Project | 1 Familyconnect | 2025-04-12 | 5.4 MEDIUM | N/A |
| The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6963 | 1 Feiron | 1 Feiron | 2025-04-12 | 5.4 MEDIUM | N/A |
| The feiron (aka es.sw.feironmobile.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6960 | 1 Sourcelink | 1 Multitrac | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Multitrac (aka com.multitrac) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5776 | 1 Playmemoriesonline | 1 Playmemories Online | 2025-04-12 | 5.4 MEDIUM | N/A |
| The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application 4.2.0.05070 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7621 | 1 Ein Lookup Project | 1 Ein Lookup | 2025-04-12 | 5.4 MEDIUM | N/A |
| The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||