Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7031 | 1 Redatoms | 1 Redatoms Three | 2025-04-12 | 5.4 MEDIUM | N/A |
| The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5793 | 1 Mobilecraft | 1 Bilgi Yarisi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5553 | 1 Ilearnwith | 1 Kids Preschool Learning Games | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-2268 | 1 Dell | 1 Secureworks | 2025-04-12 | 5.8 MEDIUM | 6.8 MEDIUM |
| Dell SecureWorks app before 2.1 for iOS does not validate SSL certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7607 | 1 Swamiji | 1 Swamiji.tv | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5812 | 1 Viedemerde | 1 Vdm Officiel | 2025-04-12 | 5.4 MEDIUM | N/A |
| The VDM Officiel (aka vdm.activities) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6078 | 1 Emc | 2 Rsa Bsafe Toolkits, Rsa Data Protection Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
| The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging unspecified "security concerns," aka the ESA-2013-068 issue. NOTE: this issue has been SPLIT from CVE-2007-6755 because the vendor announcement did not state a specific technical rationale for a change in the algorithm; thus, CVE cannot reach a conclusion that a CVE-2007-6755 concern was the reason, or one of the reasons, for this change. | |||||
| CVE-2014-7764 | 1 Semper Invicta Fitness Project | 1 Semper Invicta Fitness | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6666 | 1 Anusthanokarehasya | 1 Baglamukhi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6956 | 1 Misterpark | 1 Hydrogen Water | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hydrogen Water (aka com.appzone628) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5857 | 1 Avantar | 1 White \& Yellow Pages | 2025-04-12 | 5.4 MEDIUM | N/A |
| The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5841 | 1 Cybird | 1 Girls Calendar Period\&weight | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Girls Calendar Period&Weight (aka jp.co.cybird.apps.lifestyle.cal) application 3.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7713 | 1 Pocketmags | 1 Skin\&ink Magazine | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Skin&Ink Magazine (aka com.triactivemedia.skinandink) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5817 | 1 Miniclip | 1 Mini Pets | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5680 | 1 Tapatalk | 1 Tapatalk | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6140 | 1 Ibm | 1 Tivoli Endpoint Manager Mobile Device Management | 2025-04-12 | 9.3 HIGH | N/A |
| IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management Extender, (2) Self-service portal, (3) Trusted Services provider, or (4) Admin Portal. | |||||
| CVE-2014-7117 | 1 Forestarea | 1 Forest Area Fcu Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application 1.0.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6795 | 1 Gcspublishing | 1 Beekeeping Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4911 | 2 Debian, Polarssl | 2 Debian Linux, Polarssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. | |||||
| CVE-2014-5757 | 1 Awesomeseating | 1 Buy Tickets | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||