Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6686 | 1 Zoho | 1 Zoho Books - Accounting App | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7705 | 1 Mbtcreations | 1 Atkins Diet Free Shopping List | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5806 | 1 Wargaming | 1 World Of Tanks Assistant | 2025-04-12 | 5.4 MEDIUM | N/A |
| The World of Tanks Assistant (aka ru.worldoftanks.mobile) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6661 | 1 163 | 1 Netease Movie | 2025-04-12 | 5.4 MEDIUM | N/A |
| The netease movie (aka com.netease.movie) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-2992 | 1 Misli | 1 Misli.com App | 2025-04-12 | 6.4 MEDIUM | N/A |
| The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7419 | 1 Pokecreator | 1 Pokecreator Lite | 2025-04-12 | 5.4 MEDIUM | N/A |
| The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0058 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | 1.9 LOW | N/A |
| The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by reading the log files. | |||||
| CVE-2013-6994 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | 6.4 MEDIUM | N/A |
| OpenText Exceed OnDemand (EoD) 8 transmits the session ID in cleartext, which allows remote attackers to perform session fixation attacks by sniffing the network. | |||||
| CVE-2014-5773 | 1 Registeredassistant Project | 1 Registeredassistant | 2025-04-12 | 5.4 MEDIUM | N/A |
| The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7444 | 1 Baidu | 1 Baidu Navigation | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5688 | 1 Runtastic | 1 Runtastic Pedometer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6777 | 1 Blueeleph Project | 1 Blueeleph | 2025-04-12 | 5.4 MEDIUM | N/A |
| The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7316 | 1 Synrevoice | 1 Safe Arrival | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6023 | 1 S-peek | 1 S-peek Credit Rating Report | 2025-04-12 | 5.4 MEDIUM | N/A |
| The s-peek credit rating report (aka com.rhomobile.speek) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5740 | 1 Webroot | 1 Security - Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7763 | 1 Mirucho | 1 Listen Up\! Mirucho | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6894 | 1 Lucktastic | 1 Lucktastic | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7710 | 1 Magzter | 1 India Today Telugu | 2025-04-12 | 5.4 MEDIUM | N/A |
| The India Today Telugu (aka com.magzter.indiatoday.telugu) application 3.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0852 | 1 Ibm | 2 Websphere Datapower Soa Appliance, Websphere Datapower Soa Appliance Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an SSL/TLS side-channel timing attack. | |||||
| CVE-2015-0205 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via crafted TLS Handshake Protocol traffic to a server that recognizes a Certification Authority with DH support. | |||||