Total
2484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7772 | 1 Mb Tickets Project | 1 Mb Tickets | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-8840 | 1 Apple | 1 Iphone Os | 2025-04-12 | 6.8 MEDIUM | N/A |
| The iTunes Store component in Apple iOS before 8.1.3 allows remote attackers to bypass a Safari sandbox protection mechanism by leveraging redirection of an SSL URL to the iTunes Store. | |||||
| CVE-2014-6770 | 1 Apppasta | 1 Aerospace Jobs | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Aerospace Jobs (aka com.app_aerospacejobs.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6640 | 1 Dnb | 1 Dnb Trade | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7011 | 1 Nwtc | 1 Nwtc Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5759 | 1 Awesome Antivirus 2014 Project | 1 Awesome Antivirus 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7622 | 1 Affinitycu | 1 Affinity Mobile Atm Locator | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6828 | 1 Gecu | 1 Gulf Credit Union | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7345 | 1 Diychatroom | 1 Diychatroom | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7075 | 1 Happycloud | 1 Happy | 2025-04-12 | 5.4 MEDIUM | N/A |
| The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6848 | 1 Synology | 1 Ds File | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DS file (aka com.synology.DSfile) application 4.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6670 | 1 Singaporemotherhood | 1 Singaporemotherhood Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcomforum) application 3.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7036 | 1 Questfcu | 1 Quest Federal Cu Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5565 | 1 Gadgettrak | 1 Gadgettrak Mobile Security | 2025-04-12 | 5.4 MEDIUM | N/A |
| The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0897 | 1 Ibm | 1 Flex System Manager | 2025-04-12 | 3.5 LOW | N/A |
| The Configuration Patterns component in IBM Flex System Manager (FSM) 1.2.0.x, 1.2.1.x, 1.3.0.x, and 1.3.1.x uses a weak algorithm in an encryption step during Chassis Management Module (CMM) account creation, which makes it easier for remote authenticated users to defeat cryptographic protection mechanisms via unspecified vectors. | |||||
| CVE-2014-5779 | 1 Jackdapp | 1 Jack\'d - Gay Chat \& Dating | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application 1.9.0a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4346 | 1 Urbanairship | 1 Python-oauth2 | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | |||||
| CVE-2015-7940 | 3 Bouncycastle, Opensuse, Oracle | 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | |||||
| CVE-2014-7042 | 1 Nteloswireless | 1 My Ntelos | 2025-04-12 | 5.4 MEDIUM | N/A |
| The My nTelos (aka com.telespree.ntelospostpay) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: nTelos Wireless has indicated that this vulnerability report is incorrect | |||||
| CVE-2014-7371 | 1 Appearingbusiness | 1 Magic Balloonman Marty Boone | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||