Total
2464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3324 | 1 Lenovo | 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. | |||||
| CVE-2014-7086 | 1 Killer Screen Lock Project | 1 Killer Screen Lock | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7036 | 1 Questfcu | 1 Quest Federal Cu Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7749 | 1 Intsig | 1 Camdictionary | 2025-04-12 | 5.4 MEDIUM | N/A |
| The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7647 | 1 Mygoodhotels | 1 Booking Discount | 2025-04-12 | 5.4 MEDIUM | N/A |
| The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6744 | 1 Al-ahsa News Project | 1 Al-ahsa News | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7563 | 1 Tacticalforcellc | 1 Tactical Force Llc | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application 1.9.23.276 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5940 | 1 Pocketpc | 1 Pocketpc.ch | 2025-04-12 | 5.4 MEDIUM | N/A |
| The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5876 | 1 Westerndigital | 1 Wd My Cloud | 2025-04-12 | 5.4 MEDIUM | N/A |
| The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4347 | 1 Urbanairship | 1 Python-oauth2 | 2025-04-12 | 5.8 MEDIUM | N/A |
| The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack. | |||||
| CVE-2014-6020 | 1 Fuelrewards | 1 Fuel Rewards Network | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7544 | 1 Narr8 | 1 Secret City - Motion Comic | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6698 | 1 Igg | 1 Galaxy Online 2 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7487 | 1 Pocketmags | 1 Adt Aesthetic Dentistry Today | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7329 | 1 Digifi | 1 Motoring Classics | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Motoring Classics (aka com.aptusi.android.motoring) application 1.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4288 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance, Web Security Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
| The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470. | |||||
| CVE-2014-7035 | 1 Harmonizers Planet Project | 1 Harmonizers Planet | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5695 | 1 Sanriodigital | 1 Hello Kitty Cafe | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-9596 | 1 Panasonic | 4 Arbitrator Back-end Server Mk 2.0 Vpu, Arbitrator Back-end Server Mk 2.0 Vpu Firmware, Arbitrator Back-end Server Mk 3.0 Vpu and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 build 4.08.003.0, when USB Wi-Fi or Direct LAN is enabled, and MK 3.0 VPU before 9.3.1 build 5.06.000.0, when Embedded Wi-Fi or Direct LAN is enabled, does not use encryption, which allows remote attackers to obtain sensitive information by sniffing the network for client-server traffic, as demonstrated by Active Directory credential information. | |||||
| CVE-2014-7771 | 1 Worldtamilbayan | 1 World Tamil Bayan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||