Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5672 | 1 Intel | 1 Crosswalk | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
| Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7005 | 1 Foconet | 1 Foconet | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Foconet (aka suporte.com.foconet) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6909 | 1 Enyetech | 1 Coca-cola Fm Peru | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application 2.0.41716 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6686 | 1 Zoho | 1 Zoho Books - Accounting App | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0177 | 1 Github | 1 Hub | 2025-04-12 | 3.6 LOW | N/A |
| The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file. | |||||
| CVE-2014-6822 | 1 Nerdico Project | 1 Nerdico | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-4754 | 1 Apple | 1 Os X Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 cipher, which might allow remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2014-5926 | 1 Dcu | 1 Dcu Mobile Banking | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7663 | 1 Go-nitty-gritty | 1 Right To The Nitty Gritty | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2025-04-12 | 5.0 MEDIUM | N/A |
| The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | |||||
| CVE-2014-7714 | 1 Ibon | 1 Ibon | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-1348 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Mail in Apple iOS before 7.1.2 advertises the availability of data protection for attachments but stores cleartext attachments under mobile/Library/Mail/, which makes it easier for physically proximate attackers to obtain sensitive information by mounting the data partition. | |||||
| CVE-2014-6935 | 1 Rgsmartapps | 1 Colormania - Color Quiz Game | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7463 | 1 Im5 Fans Planet Project | 1 Im5 Fans Planet | 2025-04-12 | 5.4 MEDIUM | N/A |
| The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7024 | 1 Pdlk | 1 Hardest Game Collection | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5942 | 1 Baby Stomach Surgery Project | 1 Baby Stomach Surgery | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5766 | 1 Mobileeventguide | 1 Uber B2b | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6760 | 1 Haremthief | 1 Harem Thief Dating | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7408 | 1 F5 | 1 Big-ip Analytics | 2025-04-12 | 7.5 HIGH | N/A |
| F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session cookie, which makes it easier for remote attackers to have unspecified impact by guessing the value. | |||||
| CVE-2014-7535 | 1 Pocketmags | 1 Classic Racer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Classic Racer (aka com.triactivemedia.classicracer) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||