Total
2492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7061 | 1 Modsimconnected | 1 Modsim World 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MODSIM World 2014 (aka com.concursive.modsimworld) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7252 | 1 Kde | 1 Kde Applications | 2025-04-12 | 5.0 MEDIUM | N/A |
| kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack. | |||||
| CVE-2016-7439 | 1 Wolfssl | 1 Wolfssl | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences. | |||||
| CVE-2014-7344 | 1 Pocketmags | 1 Classic Arms \& Militaria | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7609 | 1 Miniclip | 1 Istunt 2 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-8329 | 1 Sap | 1 Manufacturing Integration And Intelligence | 2025-04-12 | 5.0 MEDIUM | N/A |
| SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274. | |||||
| CVE-2014-7724 | 1 Chemssou Blink Project | 1 Chemssou Blink | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5528 | 1 Appsflyer | 1 Appsflyer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6988 | 1 Lumberapps | 1 Quotes In Images | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Quotes in Images (aka pt.lumberapps.imagensfrases) application 3.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7487 | 1 Pocketmags | 1 Adt Aesthetic Dentistry Today | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2016-5774 | 1 Blue Coat | 1 Packetshaper S-series | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
| The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters. | |||||
| CVE-2014-6982 | 1 Arabic Troll Football Project | 1 Arabic Troll Football | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6818 | 1 Core-apps | 1 Ohbm 20th Annual Meeting | 2025-04-12 | 5.4 MEDIUM | N/A |
| The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6726 | 1 30a | 1 30a | 2025-04-12 | 5.4 MEDIUM | N/A |
| The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7587 | 1 Designtoolkits | 1 Blocked In Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7521 | 1 Mobiloapps | 1 Anderson Musaamil | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anderson Musaamil (aka com.app_andersonmusaamil.layout) application 1.400 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7108 | 1 Appbelle | 1 Stop Headaches And Migraines | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7733 | 1 Magzter | 1 Karaf Magazin | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5369 | 1 Enigmail | 1 Enigmail | 2025-04-12 | 4.3 MEDIUM | N/A |
| Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-6401 | 1 Jansson Project | 1 Jansson | 2025-04-12 | 5.0 MEDIUM | N/A |
| Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document. | |||||