Total
2458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2721 | 5 Canonical, Debian, Mozilla and 2 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | |||||
| CVE-2014-5958 | 1 Chatbox | 1 Chatbox - Chat Rooms | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5831 | 1 Happylabs | 1 Hotel Story\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7507 | 1 Androidcommunity | 1 Hector Leal | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5843 | 1 Adp4u | 1 Adp Agency Immobiliare | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ADP AGENCY Immobiliare (aka com.wAdpagencyAndroid) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4442 | 1 Pwgen Project | 1 Pwgen | 2025-04-12 | 5.0 MEDIUM | N/A |
| Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | |||||
| CVE-2014-5531 | 1 Goabode | 1 Abode | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7577 | 1 Bandh | 1 B\&h Photo Video Pro Audio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6866 | 1 Homeadvisor | 1 Homeadvisor Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The HomeAdvisor Mobile (aka com.servicemagic.consumer) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6724 | 1 Soapmakingforum | 1 Soap Making | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5979 | 1 Tvbengali | 1 Tv Bengali Open Directory | 2025-04-12 | 5.4 MEDIUM | N/A |
| The TV Bengali Open Directory (aka com.TVBengali) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5777 | 1 Cocoppa | 1 Icon Wallpaper Dressup-cocoppa | 2025-04-12 | 5.4 MEDIUM | N/A |
| The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application 2.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7023 | 1 Find Color Project | 1 Find Color | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Find Color (aka com.chudong.color) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6860 | 1 Trialtracker | 1 Trial Tracker | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5541 | 1 Differencegames | 1 Hidden Memory - Aladdin Free\! | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application 1.0.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7398 | 1 Buronya | 1 Dil Bilgisi Kurallari | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5444 | 1 Yorba | 1 Geary | 2025-04-12 | 4.3 MEDIUM | N/A |
| Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted certificate. | |||||
| CVE-2014-7462 | 1 Teamlava | 1 Fashion Story\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application 1.5.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5896 | 1 Seawolftech | 1 Globaltalk- Free Phone Calls | 2025-04-12 | 5.4 MEDIUM | N/A |
| The GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) application 2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7056 | 1 Yeast Infection Project | 1 Yeast Infection | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||