Total
2465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6684 | 1 Mol | 1 Mol Bringapont | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6659 | 1 Defence | 1 Defence.pk | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5549 | 1 Starluxstudios | 1 Puppy Slots | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5566 | 1 Americostech | 1 Selfshot Front Flash Camera | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Selfshot - Front Flash Camera (aka com.americos.selfshot) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6721 | 1 Pharmaguideline | 1 Pharmaguideline | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2000-1254 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. | |||||
| CVE-2014-6899 | 1 Jazeeraairways | 1 Jazeera Airways | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5563 | 1 Show Do Milhao 2014 Project | 1 Show Do Milhao 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6176 | 1 Ibm | 3 Business Process Manager, Websphere Enterprise Service Bus, Websphere Process Server | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus 7.0, and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 disregard the SSL setting in the SCA module HTTP import binding and unconditionally select the SSLv3 protocol, which makes it easier for remote attackers to hijack sessions or obtain sensitive information by leveraging the use of a weak cipher. | |||||
| CVE-2014-5239 | 1 Microsoft | 1 Outlook.com | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5763 | 1 Zoodles | 1 Kid Mode\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application 4.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5692 | 1 Safeway | 1 Safeway | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Safeway (aka com.safeway.client.android.safeway) application 4.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7659 | 1 Expeditersonline | 1 Expeditersonline.com Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7740 | 1 Pocketmags | 1 Pony Magazine | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7029 | 1 Ticstyle | 1 Bultmonster Registret | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bultmonster Registret (aka com.bultmonster.registret) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7129 | 1 Gannett | 1 Argus Leader Print Edition | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Argus Leader Print Edition (aka com.argusleader.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7106 | 1 Pp-solution | 1 Orakel-ball | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-0941 | 1 Inetc Project | 1 Inetc | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files. | |||||
| CVE-2015-6112 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 5.8 MEDIUM | N/A |
| SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability." | |||||
| CVE-2014-6710 | 1 Chifro | 1 Chifro Kids Coloring Game | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||