Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7448 | 1 Magzter | 1 Dealside Institutional | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DealSide Institutional (aka com.magzter.dealsideinstitutional) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6669 | 1 Pocketmags | 1 Inside Crochet | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Inside Crochet (aka com.magazinecloner.insidecrochet) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7073 | 1 Andrew Magdy Kamal\'s Network Project | 1 Andrew Magdy Kamal\'s Network | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5698 | 1 Sheado | 1 Furdiburb | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Furdiburb (aka com.sheado.lite.pet) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5632 | 1 Getsetgames | 1 Mega Jump | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Mega Jump (aka com.getsetgames.megajump) application @7F080002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-6257 | 4 Amazonbasics, Dell, Lenovo and 1 more | 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more | 2025-04-12 | 3.3 LOW | 6.5 MEDIUM |
| The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | |||||
| CVE-2014-7528 | 1 Apptive | 1 Horsepower | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Horsepower (aka com.apptive.android.apps.horsepower) application 2.10.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6681 | 1 Wordbox | 1 Mahabharata Audiocast | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6765 | 1 Mibizapps | 1 No Fuss Home Loans | 2025-04-12 | 5.4 MEDIUM | N/A |
| The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application 1.0035.b0035 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7445 | 1 Jowangel | 1 Legend Of Trance | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6856 | 1 Myvet2pet | 1 Ahrah | 2025-04-12 | 5.4 MEDIUM | N/A |
| The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3051 | 1 Ibm | 1 Tivoli Composite Application Manager For Transactions | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain credential information via a crafted certificate. | |||||
| CVE-2014-5820 | 1 Okcupid | 1 Okcupid Dating | 2025-04-12 | 5.4 MEDIUM | N/A |
| The OkCupid Dating (com.okcupid.okcupid) application 3.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6891 | 1 Vodafone | 1 Vodafone Avantaj Cepte | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3812 | 1 Juniper | 18 Fips Infranet Controller 6500, Fips Secure Access 4000, Fips Secure Access 4500 and 15 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-8642 | 2 Mozilla, Opensuse | 3 Firefox, Seamonkey, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. | |||||
| CVE-2014-6823 | 1 Zhtiantian | 1 Kuailecaidengmi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7028 | 1 Myapp | 1 Ibis Pau Centre | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7124 | 1 Consulo | 1 Ip Alarm | 2025-04-12 | 5.4 MEDIUM | N/A |
| The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7506 | 1 Imapp | 1 Realtime Music Rank | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||