Total
2490 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7458 | 1 Bloomyou | 1 Bloomyou Valentine | 2025-04-12 | 5.4 MEDIUM | N/A |
| The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7436 | 1 Kanaka | 1 Novnc | 2025-04-12 | 4.3 MEDIUM | N/A |
| noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2014-7640 | 1 Hotel-room | 1 Hotel Room | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6772 | 1 Unitedecu | 1 United Educational Cu | 2025-04-12 | 5.4 MEDIUM | N/A |
| The United Educational CU (aka com.metova.cuae.uecu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6778 | 1 Gcspublishing | 1 Goat Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6824 | 1 Kamkomesan Project | 1 Kamkomesan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-7438 | 1 Wolfssl | 1 Wolfssl | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||||
| CVE-2014-6799 | 1 Broadcom | 1 Investigation Tool | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7753 | 1 Cir | 1 Circa News | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1355 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | 2.1 LOW | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | |||||
| CVE-2014-3750 | 1 Bilyoner | 1 Bilyoner | 2025-04-12 | 5.8 MEDIUM | N/A |
| The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6983 | 1 Nbe | 1 Nbe | 2025-04-12 | 5.4 MEDIUM | N/A |
| The NBE (aka com.nbe.app) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5525 | 1 Playscape | 1 Mominis Library | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7368 | 1 Creatingahaven | 1 Compassion Satisfaction | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5796 | 1 Passion4profession | 1 Chest Workout | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-6257 | 4 Amazonbasics, Dell, Lenovo and 1 more | 14 Firmware, Usb Dongle, Wireless Keyboard and 11 more | 2025-04-12 | 3.3 LOW | 6.5 MEDIUM |
| The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack." | |||||
| CVE-2014-7572 | 1 Fallacystudios | 1 Stoner\'s Handbook L- Bud Guide | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application 7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5639 | 1 Adt-taxis | 1 Adt Taxis | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ADT Taxis (aka com.icabbi.adttaxisApp) application 6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5708 | 1 Gameinfo | 1 Best Racing\/moto Games Ranking | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Best Racing/moto Games Ranking (aka com.subapp.android.racing) application 2.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5559 | 1 Josiane Sauveterre | 1 Goldfish Care | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||