Total
2464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8564 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Gnutls, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs. | |||||
| CVE-2014-5563 | 1 Show Do Milhao 2014 Project | 1 Show Do Milhao 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4432 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.7 MEDIUM | N/A |
| fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | |||||
| CVE-2014-5539 | 1 Amiscu | 1 Michael Baker Federal Credit Union | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7762 | 1 Bite It\! Project | 1 Bite It\! | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5902 | 1 Uacinemas | 1 Ua Cinemas - Mobile Ticketing | 2025-04-12 | 5.4 MEDIUM | N/A |
| The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7309 | 1 Where2stop | 1 Where2stop-cardlocks-free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application 6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7803 | 1 Onesolutionapps | 1 Woodward Bail | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6699 | 1 Weather | 1 Weather Channel | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3503 | 1 Apache | 1 Syncope | 2025-04-12 | 5.0 MEDIUM | N/A |
| Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack. | |||||
| CVE-2014-6845 | 1 Mediafire | 1 Mediafire | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MediaFire (aka com.mediafire.android) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7310 | 1 Ali Visual Project | 1 Ali Visual | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Ali Visual (aka com.ali.visual) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7595 | 1 Devada Project | 1 Devada | 2025-04-12 | 5.4 MEDIUM | N/A |
| The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7011 | 1 Nwtc | 1 Nwtc Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5386 | 1 Facebook | 1 Hiphop Virtual Machine | 2025-04-12 | 5.0 MEDIUM | N/A |
| The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initialization vector. | |||||
| CVE-2014-6788 | 1 Oman News Project | 1 Oman News | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7642 | 1 Pegasus Airlines Project | 1 Pegasus Airlines | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Pegasus Airlines (aka com.wPegasusAirlines) application 0.84.13503.96707 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5924 | 1 Bearhugmedia | 1 Monster Makeup | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5659 | 1 Metago | 1 Astro File Manager With Cloud | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ASTRO File Manager with Cloud (aka com.metago.astro) application ASTRO-4.4.592 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7793 | 1 Cb - Calciatori Brutti Project | 1 Cb - Calciatori Brutti | 2025-04-12 | 5.4 MEDIUM | N/A |
| The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||