Total
2464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2741 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Solaris | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which allows user-assisted man-in-the-middle attackers to bypass intended access restrictions by triggering a (1) expired certificate or (2) mismatched hostname for a domain with pinning enabled. | |||||
| CVE-2014-5849 | 1 Disney | 1 Maleficent Free Fall | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-9847 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in phpMyAdmin. When the user does not specify a blowfish_secret key for encrypting cookies, phpMyAdmin generates one at runtime. A vulnerability was reported where the way this value is created uses a weak algorithm. This could allow an attacker to determine the user's blowfish_secret and potentially decrypt their cookies. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
| CVE-2014-8627 | 1 Polarssl | 1 Polarssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||||
| CVE-2014-8495 | 1 Citrix | 1 Xenmobile | 2025-04-12 | 5.0 MEDIUM | N/A |
| Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 applications, does not properly encrypt cached application data, which allows context-dependent attackers to obtain sensitive information by reading the cache. | |||||
| CVE-2014-5901 | 1 Webelinx | 1 Beauty Bible - App For Girls | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Beauty Bible - App for Girls (aka com.my.beauty.bible) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5544 | 1 Freshplanet | 1 Songpop | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6951 | 1 Onefile | 1 Onefile Ignite | 2025-04-12 | 5.4 MEDIUM | N/A |
| The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5966 | 1 Golauncher | 1 Dreamland Super Theme Go Gold | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Dreamland Super Theme GO Gold (aka com.gau.go.launcherex.viptheme.dreamland.gold) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6683 | 1 Openelectrical | 1 Open Electrical Webser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6750 | 1 \$0.99 Kindle Books Project | 1 \$0.99 Kindle Books | 2025-04-12 | 5.4 MEDIUM | N/A |
| The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5932 | 1 Vodafone | 1 Vodafone Mobile\@work | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7644 | 1 Doapps | 1 Go Msx Mls | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application 2.3.4.MR3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-2107 | 8 Canonical, Debian, Google and 5 more | 15 Ubuntu Linux, Debian Linux, Android and 12 more | 2025-04-12 | 2.6 LOW | 5.9 MEDIUM |
| The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. | |||||
| CVE-2014-7788 | 1 Best Free Giveaways Project | 1 Best Free Giveaways | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5974 | 1 Psecu | 1 Psecu Mobile\+ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6847 | 1 Horoscopesanddreams | 1 Horoscopes And Dreams | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Horoscopes and Dreams (aka com.horoscopesanddreams) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7027 | 1 Pimpstore | 1 Esercizi Per Le Donne | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7501 | 1 Translation Widget Project | 1 Translation Widget | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Translation Widget (aka com.wTranslationGadget) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5690 | 1 Runtastic | 1 Runtastic Timer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Runtastic Timer (aka com.runtastic.android.timer) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||