Total
2455 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7364 | 1 Promotionalshop | 1 Promotional Items | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Promotional Items (aka com.wPromotionalItems) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3902 | 1 Cyberagent | 1 Ameba | 2025-04-12 | 5.8 MEDIUM | N/A |
| The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6890 | 1 Couponcabin - Coupons \& Deals Project | 1 Couponcabin - Coupons \& Deals | 2025-04-12 | 5.4 MEDIUM | N/A |
| The CouponCabin - Coupons & Deals (aka com.couponcabin) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5536 | 1 Bashgaming | 1 Bingo Bash Free Bingo Casino | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5604 | 1 Elokence | 1 Akinator The Genie Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application 2.46 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7714 | 1 Ibon | 1 Ibon | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1263 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.3 MEDIUM | N/A |
| curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | |||||
| CVE-2014-5936 | 1 Incognito Private Browser Project | 1 Incognito Private Browser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5984 | 1 Playcomo | 1 Little Dragons | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5630 | 1 Gcspublishing | 1 Home Repair | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Home Repair (aka com.gcspublishing.houserepairtalk) application 3.7.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6926 | 1 Paperton | 1 Allt Om Brollop | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Allt om Brollop (aka com.paperton.wl.alltombrollop) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5075 | 2 Igniterealtime, Redhat | 2 Smack Api, Jboss Fuse | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-0042 | 1 Redhat | 1 Openstack | 2025-04-12 | 4.3 MEDIUM | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, sets gpgcheck to 0 for certain templates, which disables GPG signature checking on downloaded packages and allows man-in-the-middle attackers to install arbitrary packages via unspecified vectors. | |||||
| CVE-2014-7315 | 1 Magzter | 1 Where Atlanta | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1571 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | N/A |
| The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack. | |||||
| CVE-2014-7384 | 1 Userfriendlymedia | 1 Joe\'s Lawn Service | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Joe's Lawn Service (aka com.appexpress.joeslawnservice) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6946 | 1 Misterpark | 1 Re\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Re:kyu (aka com.appzone619) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6746 | 1 Infinitiusa | 1 Infiniti Roadside Assistance | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7766 | 1 7 Habits Personal Development Project | 1 7 Habits Personal Development | 2025-04-12 | 5.4 MEDIUM | N/A |
| The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5815 | 1 Mavenhut | 1 Solitaire Arena | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Solitaire Arena (aka com.mavenhut.solitaire) application 1.0.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||