Total
2484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5419 | 3 Debian, Haxx, Opensuse | 3 Debian Linux, Libcurl, Leap | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. | |||||
| CVE-2015-5655 | 1 Adways | 1 Party Track Sdk | 2025-04-12 | 5.8 MEDIUM | N/A |
| The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7695 | 1 Easaa | 1 Easaa Baoneng | 2025-04-12 | 5.4 MEDIUM | N/A |
| The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7467 | 1 Magzter | 1 Honeybee Mag | 2025-04-12 | 5.4 MEDIUM | N/A |
| The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7506 | 1 Imapp | 1 Realtime Music Rank | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6928 | 1 Rastreadordecelulares | 1 Rastreador De Celulares | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application 5.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5403 | 1 Hospira | 1 Mednet | 2025-04-12 | 5.0 MEDIUM | N/A |
| Hospira MedNet before 6.1 uses hardcoded cryptographic keys for protection of data transmission from infusion pumps, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-6931 | 1 Myapp | 1 Treves Dance Center | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5915 | 1 Tigo | 1 Tigo Copa Mundial Fifa 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7554 | 1 Bouqs - Flowers Simplified Project | 1 Bouqs - Flowers Simplified | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bouqs - Flowers Simplified (aka com.bouqs.activity) application 1.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7603 | 1 Graveydesign | 1 Gravey Design | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Gravey Design (aka com.dreamstep.wGraveyDesign) application 0.58.13357.54919 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7638 | 1 Nobexrc | 1 Fabuestereo 88.1 Fm | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6921 | 1 Orderingapps | 1 Buckhorn Grill | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7033 | 1 Livezilla | 1 Livezilla | 2025-04-12 | 4.3 MEDIUM | N/A |
| LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. | |||||
| CVE-2014-7435 | 1 Onesolutionapps | 1 Ajd Bail Bonds | 2025-04-12 | 5.4 MEDIUM | N/A |
| The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6789 | 1 Boopsie | 1 Anaheim Library 2go\! | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7100 | 1 Sm3ny | 1 Www.sm3ny.com | 2025-04-12 | 5.4 MEDIUM | N/A |
| The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5641 | 1 Cubettechnologies | 1 Cloud Manager | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-6033 | 1 Qolsys | 1 Iq Panel | 2025-04-12 | 9.3 HIGH | N/A |
| Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update. | |||||
| CVE-2014-0076 | 1 Openssl | 1 Openssl | 2025-04-12 | 1.9 LOW | N/A |
| The Montgomery ladder implementation in OpenSSL through 1.0.0l does not ensure that certain swap operations have a constant-time behavior, which makes it easier for local users to obtain ECDSA nonces via a FLUSH+RELOAD cache side-channel attack. | |||||