Total
2450 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5670 | 1 Ninjakiwi | 1 Sas\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) application 2.56 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7620 | 1 Authorsontourlive | 1 Authors On Tour - Live\! | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-6257 | 4 Amazonbasics, Dell, Lenovo and 1 more | 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more | 2025-04-12 | 3.3 LOW | 6.5 MEDIUM |
| The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | |||||
| CVE-2014-6653 | 1 Wordboxapps | 1 Afghan Radio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6880 | 1 Tradehero | 1 Tradehero | 2025-04-12 | 5.4 MEDIUM | N/A |
| The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7026 | 1 Lifetimefitness | 1 Life Time Fitness | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6721 | 1 Pharmaguideline | 1 Pharmaguideline | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-0118 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, which might make it easier for remote attackers to obtain sensitive information by sniffing the network during a connection to an Integration Bus node. | |||||
| CVE-2014-5742 | 1 Geteversnap | 1 Eversnap Private Photo Album | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Eversnap Private Photo Album (aka com.weddingsnap.android) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1777 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2014-7724 | 1 Chemssou Blink Project | 1 Chemssou Blink | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5834 | 1 Mobiledeluxe | 1 Solitaire Deluxe | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Solitaire Deluxe (aka com.gosub60.solfree2) application 2.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7344 | 1 Pocketmags | 1 Classic Arms \& Militaria | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5916 | 1 Oi | 1 Minha Oi | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5722 | 1 Swiftkey | 1 Swiftkey Keyboard \+ Emoji | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7650 | 1 Ashok88 | 1 Jja- Juvenile Justice Act 1986 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5767 | 1 Shape | 1 Im\+ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7397 | 1 Byfes | 1 Ileri Gazetesi - Yozgat | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0860 | 1 Ibm | 6 Advanced Management Module, Advanced Management Module Firmware, Integrated Management Module and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The firmware before 3.66E in IBM BladeCenter Advanced Management Module (AMM), the firmware before 1.43 in IBM Integrated Management Module (IMM), and the firmware before 4.15 in IBM Integrated Management Module II (IMM2) contains cleartext IPMI credentials, which allows attackers to execute arbitrary IPMI commands, and consequently establish a blade remote-control session, by leveraging access to (1) the chassis internal network or (2) the Ethernet-over-USB interface. | |||||
| CVE-2014-7340 | 1 Pocketmags | 1 Old Bike Mart | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Old Bike Mart (aka com.magazinecloner.oldbike) application @7F08017E for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||