Total
2492 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5996 | 1 Gebrauchtwagenreport | 1 Dekra Used Car Report | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6902 | 1 Anjuke | 1 Anjuke | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5636 | 1 Granita | 1 Cloud Browser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Cloud Browser (aka com.granitamalta.cloudbrowser) application 2.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7449 | 3 Canonical, Hexchat Project, Xchat | 4 Ubuntu Linux, Hexchat, Xchat and 1 more | 2025-04-12 | 5.8 MEDIUM | 6.5 MEDIUM |
| The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2015-2859 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | 5.8 MEDIUM | N/A |
| Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2091 | 1 Apache | 1 Mod-gnutls | 2025-04-12 | 5.0 MEDIUM | N/A |
| The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof clients via a crafted certificate. | |||||
| CVE-2014-6965 | 1 Faz | 1 Faz.net | 2025-04-12 | 5.4 MEDIUM | N/A |
| The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7739 | 1 Deceiver | 1 Anahi A Adopter Fr | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7756 | 1 Radiohead Fan Project | 1 Radiohead Fan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5942 | 1 Baby Stomach Surgery Project | 1 Baby Stomach Surgery | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6845 | 1 Mediafire | 1 Mediafire | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MediaFire (aka com.mediafire.android) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-4432 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.7 MEDIUM | N/A |
| fdesetup in Apple OS X before 10.10 does not properly display the encryption status in between a setting-update action and a reboot action, which might make it easier for physically proximate attackers to obtain cleartext data by leveraging ignorance of the reboot requirement. | |||||
| CVE-2014-7509 | 1 Ireadercity | 1 A Very Short History Of Japan | 2025-04-12 | 5.4 MEDIUM | N/A |
| The A Very Short History of Japan (aka com.ireadercity.c51) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5611 | 1 Ebay-kleinanzeigen | 1 Ebay Kleinanzeigen For Germany | 2025-04-12 | 5.4 MEDIUM | N/A |
| The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application 5.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5553 | 1 Ilearnwith | 1 Kids Preschool Learning Games | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5603 | 1 Deskroll | 1 Deskroll Remote Desktop | 2025-04-12 | 5.4 MEDIUM | N/A |
| The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5876 | 1 Westerndigital | 1 Wd My Cloud | 2025-04-12 | 5.4 MEDIUM | N/A |
| The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5733 | 1 Water Wish | 1 Shop Love | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Shop Love (aka com.waterwish.shoplove) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5981 | 1 Moweather | 1 Moweather | 2025-04-12 | 5.4 MEDIUM | N/A |
| The MoWeather (aka com.moji.moweather) application 1.40.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7697 | 1 Endulujans | 1 Eyvah\! Bosandim Ozgurum | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||