Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6606 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 8.1 HIGH |
| An issue was discovered in cookie encryption in phpMyAdmin. The decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Furthermore, the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same - but the attacker can not directly decode these values from the cookie as it is still hashed. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2014-6978 | 1 Grouperahal | 1 Karim Rahal Essoulami | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6752 | 1 Mindless Behavior Fan Base Project | 1 Mindless Behavior Fan Base | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4894 | 1 Mymetro Project | 1 Mymetro | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7115 | 1 Mailgod | 1 Letters To God - Soc. Network | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4259 | 1 Cisco | 1 Unified Computing System | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle attackers to bypass cryptographic protection mechanisms by leveraging knowledge of a private key, aka Bug IDs CSCum56133 and CSCum56177. | |||||
| CVE-2014-6913 | 1 Paperton | 1 Dive The World | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7327 | 1 Magzter | 1 Macau Business | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Macau Business (aka com.magzter.macaubusiness) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5856 | 1 Communityfactory | 1 Selfie Camera -facial Beauty- | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Selfie Camera -Facial Beauty- (aka com.cfinc.cunpic) application 1.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7523 | 1 Islamicode | 1 Radio Bethlehem Rb2000 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5609 | 1 Djinnworks | 1 Stickman Ski Racer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5413 | 2 Aveva, Schneider-electric | 2 Clearscada, Scada Expert Clearscada | 2025-04-12 | 5.0 MEDIUM | N/A |
| Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryptographic attack against this algorithm. | |||||
| CVE-2014-6716 | 1 Fastin Project | 1 Fastin | 2025-04-12 | 5.4 MEDIUM | N/A |
| The fastin (aka moda.azyae.fastin.net) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5695 | 1 Sanriodigital | 1 Hello Kitty Cafe | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5658 | 1 Mercadolibre | 1 Mercadolibre | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MercadoLibre (aka com.mercadolibre) application 3.8.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5669 | 1 9gag | 1 9gag - Funny Pics And Videos | 2025-04-12 | 5.4 MEDIUM | N/A |
| The 9GAG - Funny pics and videos (aka com.ninegag.android.app) application 2.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5872 | 1 Safenet-inc | 1 Safenetmobile Pass | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5532 | 1 Adidas | 1 Honolulu | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Honolulu (aka adidas.jp.android.running.honolulu) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7547 | 1 Fpinternet | 1 Texas Poker Unlimited Hold\'em | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6937 | 1 Ecitic | 1 China Citic Bank Credit Card | 2025-04-12 | 5.4 MEDIUM | N/A |
| The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application 3.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||