Total
2460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7656 | 1 Magzter | 1 Indian Management | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Indian Management (aka com.magzter.indianmanagement) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5811 | 1 Zoom | 1 Zoom Cloud Meetings | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5887 | 1 Yell | 1 Yell Local Search | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5618 | 1 Fingersoft | 1 Cartoon Camera | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cartoon Camera (aka com.fingersoft.cartooncamera) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5684 | 1 Runtastic | 1 Runtastic Running \& Fitness | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Runtastic Running & Fitness (aka com.runtastic.android) application 5.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7370 | 1 Mobleeps | 1 Job Mobleeps | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5650 | 1 Jiuzhangtech | 1 Traffic Jam Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7577 | 1 Bandh | 1 B\&h Photo Video Pro Audio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3572 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message. | |||||
| CVE-2014-6723 | 1 Comicsplusapp | 1 Comics Plus | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Comics Plus (aka com.iversecomics.comicsplus.android) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6977 | 1 Chattanoogastate | 1 Elearn | 2025-04-12 | 5.4 MEDIUM | N/A |
| The eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application 1.0.649.1194 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7652 | 1 Magicam Photo Magic Editor Project | 1 Magicam Photo Magic Editor | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-1941 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which makes it easier for remote attackers to guess the password via a brute force attack. | |||||
| CVE-2015-2721 | 5 Canonical, Debian, Mozilla and 2 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | |||||
| CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2025-04-12 | 5.0 MEDIUM | N/A |
| The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | |||||
| CVE-2014-6007 | 1 Likeheroapp | 1 Likehero Get Instagram Likes | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LikeHero Get Instagram Likes (aka com.fraoula.likehero) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7575 | 1 Ebiblio | 1 Ebiblio Andalucia | 2025-04-12 | 5.4 MEDIUM | N/A |
| The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5888 | 1 Bibleslots | 1 Slots\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application 1.122 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6136 | 1 Ibm | 1 Security Appscan | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-7321 | 1 Offertaviaggi | 1 Firenze Map | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Firenze map (aka com.wFirenzemap) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||