Total
2464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4217 | 1 Cisco | 3 Content Security Management Virtual Appliance, Email Security Virtual Appliance, Web Security Virtual Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
| The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. | |||||
| CVE-2014-6136 | 1 Ibm | 1 Security Appscan | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-7447 | 1 Dattch | 1 Dattch - The Lesbian App | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Dattch - The Lesbian App (aka com.dattch.dattch.app) application 0.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5808 | 1 Whisper | 1 Whisper | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Whisper (aka sh.whisper) application 4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5836 | 1 Gittigidiyor | 1 Gittigidiyor | 2025-04-12 | 5.4 MEDIUM | N/A |
| The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5909 | 1 Watcha | 1 Watcha | 2025-04-12 | 5.4 MEDIUM | N/A |
| The watcha (aka com.frograms.watcha) application 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5798 | 1 Nonghyup | 1 Smart Calculator | 2025-04-12 | 5.4 MEDIUM | N/A |
| The smart.calculator (aka nh.smart.calculator) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6663 | 1 Addisgag | 1 Addis Gag Funny Amharic Pic | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5707 | 1 Animoca | 1 Bunny Run | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5641 | 1 Cubettechnologies | 1 Cloud Manager | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6852 | 1 Automon | 1 Ledline.gr Official | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5713 | 1 Telly | 1 Telly-watch The Good Stuff | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7509 | 1 Ireadercity | 1 A Very Short History Of Japan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-5419 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||||
| CVE-2014-7092 | 1 Ubooly | 1 Ubooly | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6905 | 1 H2o Human Harmony Organization Project | 1 H2o Human Harmony Organization | 2025-04-12 | 5.4 MEDIUM | N/A |
| The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application 1.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7631 | 1 Texasweddingmall | 1 Villa Antonia | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-6702 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | |||||
| CVE-2015-4458 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.3 MEDIUM | N/A |
| The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu52976. | |||||
| CVE-2014-5726 | 1 Ssfcu | 1 Security Service Mybranch App | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) application 7.88.00.145 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||