Total
2464 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3197 | 2 Openssl, Oracle | 6 Openssl, Exalogic Infrastructure, Oss Support Tools and 3 more | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. | |||||
| CVE-2014-6870 | 1 Bgenergy | 1 Bgenergy | 2025-04-12 | 5.4 MEDIUM | N/A |
| The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7796 | 1 Nobexrc | 1 House365 Radio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7629 | 1 Dublabs | 1 Yulman Stadium | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4595 | 1 Gordon Heydon | 1 Secure Pages | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. | |||||
| CVE-2014-5600 | 1 Familyconnect Project | 1 Familyconnect | 2025-04-12 | 5.4 MEDIUM | N/A |
| The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5784 | 1 Playscape | 1 Bouncy Bill Seasons | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6679 | 1 Wepisdparentportal Project | 1 Wepisdparentportal | 2025-04-12 | 5.4 MEDIUM | N/A |
| The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6794 | 1 Boopsie | 1 Aapld | 2025-04-12 | 5.4 MEDIUM | N/A |
| The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7326 | 1 En2grate | 1 Eta Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7314 | 1 Magzter | 1 Intelligent Sme | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7070 | 1 Air War Hero Project | 1 Air War Hero | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3691 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-12 | 7.5 HIGH | N/A |
| Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate. | |||||
| CVE-2014-5842 | 1 2g Live Tv Project | 1 2g Live Tv | 2025-04-12 | 5.4 MEDIUM | N/A |
| The 2G Live Tv (aka com.ww2GLiveTv) application 0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5933 | 1 Cokestudio | 1 Cokestudio7 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7781 | 1 Fallacystudios | 1 Marijuana Handbook Lite - Weed | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6998 | 1 Smartstudy | 1 Pinkfong Tv | 2025-04-12 | 5.4 MEDIUM | N/A |
| The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1010 | 1 Rockwellautomation | 1 Rsview32 | 2025-04-12 | 4.9 MEDIUM | N/A |
| Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decryption attack. | |||||
| CVE-2014-6636 | 1 Rsupport | 1 Lg Telepresence | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Build 63 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5528 | 1 Appsflyer | 1 Appsflyer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||