Total
2452 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6790 | 1 Keyinternet | 1 Invex | 2025-04-12 | 5.4 MEDIUM | N/A |
| The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7087 | 1 Appa-apps | 1 Top Roller Coasters Europe 1 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5868 | 1 Cisco | 1 Cisco Technical Support | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5556 | 1 Flyfishing-and-flytying | 1 Fly Fishing \& Fly Tying | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application 3.21.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6724 | 1 Soapmakingforum | 1 Soap Making | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7403 | 1 Nzhondas | 1 Nzhondas.com | 2025-04-12 | 5.4 MEDIUM | N/A |
| The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6646 | 1 Bellyhoodcom Project | 1 Bellyhoodcom | 2025-04-12 | 5.4 MEDIUM | N/A |
| The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-5672 | 1 Intel | 1 Crosswalk | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
| Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7515 | 1 Onesolutionapps | 1 Bail Bonds | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7357 | 1 Bfac | 1 Grandparenting Is Great | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Grandparenting is Great (aka com.app_gig.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7726 | 1 Golosinassimpson | 1 Golosinas Simpson1 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5807 | 1 Safari Browser Project | 1 Safari Browser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Safari Browser (aka safari.safaribrowser.internetexplorer) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6861 | 1 Terrarienbilder | 1 Terrarienbilder.com Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application 3.8.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6686 | 1 Zoho | 1 Zoho Books - Accounting App | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5972 | 1 Loving.fm | 1 Loving - Couple Essential | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6853 | 1 Foxitsoftware | 1 Foxit Mobilepdf - Pdf Reader | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application 2.2.0.0616 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7373 | 1 Magzter | 1 Inspire Weddings | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1584 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user. | |||||
| CVE-2014-5576 | 1 Avira | 1 Avira Secure Backup | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1948 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. | |||||