Total
2464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5844 | 1 Alsunna Project | 1 Alsunna | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Alsunna (aka com.wAlsunna) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-5662 | 1 Paul Mattes | 1 X3270 | 2025-04-12 | 5.8 MEDIUM | N/A |
| x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-5954 | 1 Sbi | 1 State Bank Anywhere | 2025-04-12 | 5.4 MEDIUM | N/A |
| The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5688 | 1 Runtastic | 1 Runtastic Pedometer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5997 | 1 Autotrader.co.za | 1 Auto Trader | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Auto Trader (aka za.co.autotrader.android.app) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5587 | 1 Brokenscreencrank Project | 1 Brokenscreencrank | 2025-04-12 | 5.4 MEDIUM | N/A |
| The brokenscreencrank (aka com.biggame.brokenscreencrank) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6804 | 1 Boopsie | 1 Deschutes Public Mobilelibrary | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5561 | 1 Devarai | 1 Word Search Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Word Search Free (aka air.wordSearchFree) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6839 | 1 Webizz | 1 Alma Corinthiana | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-2319 | 1 Powerarchiver | 1 Powerarchiver | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to obtain sensitive information via a known-plaintext attack. | |||||
| CVE-2014-5762 | 1 Zeptolab | 1 Cut The Rope\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6748 | 1 Gemaire | 1 Gemaire\'s Hvac Assist | 2025-04-12 | 5.4 MEDIUM | N/A |
| The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7089 | 1 Appsgeyser | 1 Competition Information | 2025-04-12 | 5.4 MEDIUM | N/A |
| The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5881 | 1 Yahoo | 1 Yahoo Ybox | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4447 | 1 Apple | 1 Os X Server | 2025-04-12 | 1.9 LOW | N/A |
| Profile Manager in Apple OS X Server before 4.0 allows local users to discover cleartext passwords by reading a file after a (1) profile setup or (2) profile edit occurs. | |||||
| CVE-2014-7436 | 1 Sos Recette Project | 1 Sos Recette | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SOS recette (aka com.sos.recette) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5607 | 1 Disney | 1 Where\'s My Water\? Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7488 | 1 Highlighterstudio | 1 Vineyard All In | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7581 | 1 Quotes Of Travis Barker Project | 1 Quotes Of Travis Barker | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application 0.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6371 | 2 Fedoraproject, Json-c | 2 Fedora, Json-c | 2025-04-12 | 5.0 MEDIUM | N/A |
| The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | |||||