Total
2460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7720 | 1 Pacificmags | 1 Better Homes And Gardens Aus | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application @7F0801B2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7418 | 1 Magzter | 1 Bbc Knowledge Magazine | 2025-04-12 | 5.4 MEDIUM | N/A |
| The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6807 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | 6.8 MEDIUM | N/A |
| The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | |||||
| CVE-2015-0204 | 1 Openssl | 1 Openssl | 2025-04-12 | 4.3 MEDIUM | N/A |
| The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations. | |||||
| CVE-2014-5948 | 1 Barackobama | 1 Obama For America | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6683 | 1 Openelectrical | 1 Open Electrical Webser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1913 | 1 Ibm | 2 Rational Test Virtualization Server, Rational Test Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which makes it easier for remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2014-7566 | 1 Abtei-neuburg | 1 Stift Neuburg | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7005 | 1 Foconet | 1 Foconet | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Foconet (aka suporte.com.foconet) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5732 | 1 Wamba | 1 Wamba-meet Women And Men | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Wamba - meet women and men (aka com.wamba.client) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6005 | 1 Survey.com | 1 Survey.com Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Survey.com Mobile (aka com.survey.android) application 3.2.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7039 | 1 Roguewaveproductionsllc | 1 Wild Women United | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Wild Women United (aka com.wildwomenunited) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7333 | 1 Qmania | 1 Aloha Guide | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3089 | 1 Ibm | 2 Rational Directory Administrator, Rational Directory Server | 2025-04-12 | 4.9 MEDIUM | N/A |
| The RDS Java Client library in IBM Rational Directory Server (RDS) 5.1.1.x before 5.1.1.2 iFix004 and 5.2.x before 5.2.1 iFix003, and Rational Directory Administrator (RDA) 6.0 before iFix002, includes the cleartext root password, which allows local users to obtain sensitive information by reading a library file. | |||||
| CVE-2014-6684 | 1 Mol | 1 Mol Bringapont | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6659 | 1 Defence | 1 Defence.pk | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5549 | 1 Starluxstudios | 1 Puppy Slots | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5566 | 1 Americostech | 1 Selfshot Front Flash Camera | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Selfshot - Front Flash Camera (aka com.americos.selfshot) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6721 | 1 Pharmaguideline | 1 Pharmaguideline | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2000-1254 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. | |||||