Total
2484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6010 | 1 Awesomewidgets | 1 Rasta Weed Widgets Hd | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-5468 | 1 Ibm | 1 Algo One | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt login requests, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-1582 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority. | |||||
| CVE-2014-7567 | 1 Webges | 1 Imig 2012 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5996 | 1 Gebrauchtwagenreport | 1 Dekra Used Car Report | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6902 | 1 Anjuke | 1 Anjuke | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5636 | 1 Granita | 1 Cloud Browser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cloud Browser (aka com.granitamalta.cloudbrowser) application 2.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7449 | 3 Canonical, Hexchat Project, Xchat | 4 Ubuntu Linux, Hexchat, Xchat and 1 more | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2015-2859 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | 5.8 MEDIUM | N/A |
| Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2025-04-12 | 5.0 MEDIUM | N/A |
| The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | |||||
| CVE-2014-6965 | 1 Faz | 1 Faz.net | 2025-04-12 | 5.4 MEDIUM | N/A |
| The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7739 | 1 Deceiver | 1 Anahi A Adopter Fr | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7756 | 1 Radiohead Fan Project | 1 Radiohead Fan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5942 | 1 Baby Stomach Surgery Project | 1 Baby Stomach Surgery | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6845 | 1 Mediafire | 1 Mediafire | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MediaFire (aka com.mediafire.android) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4432 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.7 MEDIUM | N/A |
| fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | |||||
| CVE-2014-7509 | 1 Ireadercity | 1 A Very Short History Of Japan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5611 | 1 Ebay-kleinanzeigen | 1 Ebay Kleinanzeigen For Germany | 2025-04-12 | 5.4 MEDIUM | N/A |
| The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application 5.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5553 | 1 Ilearnwith | 1 Kids Preschool Learning Games | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5603 | 1 Deskroll | 1 Deskroll Remote Desktop | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||