Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2046 | 1 Broadcom | 2 Pipa C211, Pipa C211 Web Interface | 2025-04-12 | 9.7 HIGH | N/A |
| cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors. | |||||
| CVE-2014-5980 | 1 Genertel | 1 Genertel | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Genertel (aka com.genertel) application 2.6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6725 | 1 Apprenticeuitgevers | 1 Schoolxm | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6649 | 1 Mybroadband | 1 Mybroadband Tapatalk | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6917 | 1 Kftc | 1 Www.knote.kr Smart | 2025-04-12 | 5.4 MEDIUM | N/A |
| The www.knote.kr Smart (aka kr.or.knote.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6994 | 1 Atecea | 1 Atecea | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Atecea (aka com.atecea) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7017 | 1 Tim Ban Bon Phuong Project | 1 Tim Ban Bon Phuong | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7031 | 1 Redatoms | 1 Redatoms Three | 2025-04-12 | 5.4 MEDIUM | N/A |
| The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6755 | 1 Shiftdelete | 1 Sdn Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5900 | 1 Myhomeworkapp | 1 Myhomework Student Planner | 2025-04-12 | 5.4 MEDIUM | N/A |
| The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7613 | 1 Pocketmags | 1 Wasps Official Programmes | 2025-04-12 | 5.4 MEDIUM | N/A |
| The WASPS Official Programmes (aka com.triactivemedia.wasps) application @7F080130 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5963 | 1 Corntree | 1 Halieutics | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Halieutics (aka com.corn.Halieutics) application 21.40.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2078 | 1 Komodia | 1 Redirector Sdk | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, a different vulnerability than CVE-2015-2077. | |||||
| CVE-2014-7632 | 1 News Revolution - Bahrain Project | 1 News Revolution - Bahrain | 2025-04-12 | 5.4 MEDIUM | N/A |
| The news revolution - bahrain (aka com.news.revolution.BH) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2025-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||||
| CVE-2014-6878 | 1 Rbfcu | 1 Rbfcu Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2721 | 5 Canonical, Debian, Mozilla and 2 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | |||||
| CVE-2014-5958 | 1 Chatbox | 1 Chatbox - Chat Rooms | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5831 | 1 Happylabs | 1 Hotel Story\ | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7507 | 1 Androidcommunity | 1 Hector Leal | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||