Total
2469 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10136 | 1 Adups | 1 Adups Fota | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and delete files as the system user. In the com.adups.fota.sysoper app's AndroidManifest.xml file, it sets the android:sharedUserId attribute to a value of android.uid.system which makes it execute as the system user, which is a very privileged user on the device. This allows a third-party app to read, write, and delete files owned by the system user. The third-party app can modify the /data/system/users/0/settings_secure.xml file to add an app as a notification listener to be able to receive the text of notifications as they are received on the device. This also allows the /data/system/users/0/accounts.db to be read which contains authentication tokens for various accounts on the device. The third-party app can obtain privileged information and also modify files to obtain more privileges on the device. | |||||
| CVE-2016-0736 | 1 Apache | 1 Http Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC. | |||||
| CVE-2015-8989 | 1 Mcafee | 1 Vulnerability Manager | 2025-04-20 | 4.0 MEDIUM | 8.8 HIGH |
| Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database. | |||||
| CVE-2014-6889 | 1 Gunbroker | 1 Gunbroker.com | 2025-04-12 | 5.4 MEDIUM | N/A |
| The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5751 | 1 Tor Browser The Short Guide Project | 1 Tor Browser The Short Guide | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7602 | 1 Pocketmags | 1 Front | 2025-04-12 | 5.4 MEDIUM | N/A |
| The FRONT (aka com.magazinecloner.front) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5990 | 1 Bookjam | 1 Cookbible | 2025-04-12 | 5.4 MEDIUM | N/A |
| The cookbible (aka net.bookjam.cookbible) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5687 | 1 Runtastic | 1 Runtastic Mountain Bike | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.lite) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5976 | 1 Alibaba | 1 Alibaba | 2025-04-12 | 5.4 MEDIUM | N/A |
| The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5824 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | 4.3 MEDIUM | N/A |
| The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7331 | 1 Todaysseniorsnetwork | 1 Todaysseniorsnetwork | 2025-04-12 | 5.4 MEDIUM | N/A |
| The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application 0.21.13245.84038 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7131 | 1 Core-apps | 1 Digital Content Newfronts 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application 6.0.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7772 | 1 Mb Tickets Project | 1 Mb Tickets | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6901 | 1 Nobexrc | 1 Radios Del Ecuador | 2025-04-12 | 5.4 MEDIUM | N/A |
| The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1913 | 1 Ibm | 2 Rational Test Virtualization Server, Rational Test Workbench | 2025-04-12 | 5.0 MEDIUM | N/A |
| Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which makes it easier for remote attackers to bypass authentication via unspecified vectors. | |||||
| CVE-2014-6003 | 1 Belasfrasesdeamor | 1 Belas Frases De Amor | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7342 | 1 Echonewshk | 1 Echo News | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Echo News (aka com.solo.report) 1.10 application (beta) for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
| CVE-2014-6720 | 1 Clearfishing | 1 Pesca De Carpa Lite | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5552 | 1 Ilearnwith | 1 Numbers \& Addition\! Math Games | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||