Total
2473 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5703 | 1 Slingo | 1 Slingo Lottery Challenge | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7692 | 1 Rowlandsolutions | 1 Lent Experience | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Lent Experience (aka com.wLentExperience) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5950 | 1 Smtown | 1 Now | 2026-05-06 | 5.4 MEDIUM | N/A |
| The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5772 | 1 Govhk | 1 Government Bookstore | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Government Bookstore (aka hksarg.isd.sop.govbookstore) application 1.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6707 | 1 7sage | 1 7sage Lsat Prep - Proctor | 2026-05-06 | 5.4 MEDIUM | N/A |
| The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-0800 | 2 Openssl, Pulsesecure | 3 Openssl, Client, Steel Belted Radius | 2026-05-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | |||||
| CVE-2014-5527 | 1 Tapjoy | 1 Tapjoy Library | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5743 | 1 Wegoi | 1 Re-volt 2 \ | 2026-05-06 | 5.4 MEDIUM | N/A |
| The RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5785 | 1 Playscape | 1 Bouncy Bill World-cup | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Bouncy Bill World-Cup (aka mominis.Generic_Android.Bouncy_Bill_World_Cup) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7784 | 1 Magzter | 1 Schon\! Magazine | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-0205 | 1 Openssl | 1 Openssl | 2026-05-06 | 5.0 MEDIUM | N/A |
| The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. | |||||
| CVE-2014-5908 | 1 Kmart | 1 Kmart | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Kmart (aka com.kmart.android) application @7F0C00EF for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5694 | 1 Scoutmob | 1 Scoutmob Local Deals \& Event | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Scoutmob local deals & events (aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7770 | 1 Mediaonlinecenter | 1 Lagu Pop Indonesia | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7505 | 1 Apptalk Project | 1 Apptalk | 2026-05-06 | 5.4 MEDIUM | N/A |
| The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5558 | 1 Mdickie | 1 Hard Time | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5596 | 1 Withhive | 1 Homerun Battle 2 | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.google.global.android.common) application 1.2.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6875 | 1 Woodforest | 1 Woodforest Mobile Banking | 2026-05-06 | 5.4 MEDIUM | N/A |
| The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-4716 | 1 N-tron | 1 702w Industrial Wireless Access Point | 2026-05-06 | 8.8 HIGH | N/A |
| N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | |||||
| CVE-2014-5674 | 1 Picsart | 1 Picsart - Photo Studio | 2026-05-06 | 5.4 MEDIUM | N/A |
| The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||