Total
2448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5584 | 1 Beenverified | 1 Background Check Beenverified | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Background Check BeenVerified (aka com.beenverified.android) application 4.01.67 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2010-4832 | 1 Google | 1 Android | 2025-04-12 | 4.3 MEDIUM | N/A |
| Android OS before 2.2 does not display the correct SSL certificate in certain cases, which might allow remote attackers to spoof trusted web sites via a web page containing references to external sources in which (1) the certificate of the last loaded resource is checked, instead of for the main page, or (2) later certificates are not checked when the HTTPS connection is reused. | |||||
| CVE-2014-7521 | 1 Mobiloapps | 1 Anderson Musaamil | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anderson Musaamil (aka com.app_andersonmusaamil.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7423 | 1 Magzter | 1 Youth Incorporated | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Youth Incorporated (aka com.magzter.youthincorporated) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7610 | 1 Kadinlar Kulubu Kkmobileapp Project | 1 Kadinlar Kulubu Kkmobileapp | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-5717 | 1 Siemens | 1 Compas | 2025-04-12 | 5.8 MEDIUM | N/A |
| The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6017 | 1 Lazyer | 1 Doodle Drop | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-1948 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
| Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is used for a lightweight-theme installation, which allows man-in-the-middle attackers to replace a theme's images and colors by modifying the client-server data stream. | |||||
| CVE-2014-6008 | 1 Secondfiction | 1 Blitz Bingo | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7009 | 1 Hkbn | 1 Hkbn My Account | 2025-04-12 | 5.4 MEDIUM | N/A |
| The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6702 | 1 Starsat | 1 Starsat International | 2025-04-12 | 5.4 MEDIUM | N/A |
| The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application 1.41.54.9222 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6831 | 1 Hippostudio | 1 Hippo Studio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5973 | 1 Socialknowledge | 1 Aquarium Advice | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Aquarium Advice (aka com.socialknowledge.aquariumadvice) application 3.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5570 | 1 Aol | 1 Dailyfinance - Stocks \& News | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7008 | 1 Frandroid | 1 Forum Frandroid Beta | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7385 | 1 Livezilla | 1 Livezilla | 2025-04-12 | 6.8 MEDIUM | N/A |
| LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033. | |||||
| CVE-2014-6884 | 1 Ford | 1 Ford Credit Account Manager | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6761 | 1 Pimpstore | 1 Aprende A Meditar | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7498 | 1 Xaos | 1 Space Cinema | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7020 | 1 Diabetes | 1 Diabetes Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application 3.9.30 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||