Total
2492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6970 | 1 Graphicstylus | 1 North American Ismaili Games | 2025-04-12 | 5.4 MEDIUM | N/A |
| The North American Ismaili Games (aka hr.apps.n166983741) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2471 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2434. | |||||
| CVE-2014-7590 | 1 Webpromoexperts | 1 Webpromoexperts | 2025-04-12 | 5.4 MEDIUM | N/A |
| The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7589 | 1 Icbc | 1 Industrial And Commercial Bank Of China | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application 2.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6728 | 1 Mythinkpal | 1 Thinkpal | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-6371 | 2 Fedoraproject, Json-c | 2 Fedora, Json-c | 2025-04-12 | 5.0 MEDIUM | N/A |
| The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | |||||
| CVE-2014-6747 | 1 Seeon | 1 Seeon | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SeeOn (aka com.seeon) application 4.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-8371 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-12 | 4.3 MEDIUM | N/A |
| VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before Update 3, and 5.0 before Update 3c does not properly validate certificates when connecting to a CIM Server on an ESXi host, which allows man-in-the-middle attackers to spoof CIM servers via a crafted certificate. | |||||
| CVE-2014-5419 | 1 Ge | 14 Multilink Ml1200, Multilink Ml1200 Firmware, Multilink Ml1600 and 11 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware 4.2.1 and earlier and Multilink ML810, ML3000, and ML3100 switches with firmware 5.2.0 and earlier use the same RSA private key across different customers' installations, which makes it easier for remote attackers to obtain the cleartext content of network traffic by reading this key from a firmware image and then sniffing the network. | |||||
| CVE-2016-5957 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote attackers to defeat cryptographic protection mechanisms and obtain sensitive information by leveraging a weak algorithm. | |||||
| CVE-2014-7968 | 1 Redhat | 1 Virtual Desktop Service Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open. | |||||
| CVE-2014-5835 | 1 Clubpersonal | 1 Club Personal | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Club Personal (aka com.globant.clubpersonal) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4901 | 1 Tradingandinvesting4u | 1 Bond Trading | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bond Trading (aka com.appmakr.app613309) application 197705 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6901 | 1 Nobexrc | 1 Radios Del Ecuador | 2025-04-12 | 5.4 MEDIUM | N/A |
| The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application 3.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7001 | 1 Ijianren | 1 Jian Ren | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6851 | 1 Nbcfc | 1 New Beginnings Cfc | 2025-04-12 | 5.4 MEDIUM | N/A |
| The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2025-04-12 | 5.0 MEDIUM | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | |||||
| CVE-2014-7617 | 1 Roads365 | 1 Www.roads365.com | 2025-04-12 | 5.4 MEDIUM | N/A |
| The www.roads365.com (aka ydx.android) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5939 | 1 Travelzad | 1 Travelzadcomvb | 2025-04-12 | 5.4 MEDIUM | N/A |
| The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6652 | 1 Wizaz | 1 Wizaz Forum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||