Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0282 | 1 Gnu | 1 Gnutls | 2025-04-12 | 5.0 MEDIUM | N/A |
| GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspecified vectors. | |||||
| CVE-2012-6107 | 1 Apache | 1 Apache Axis2\/c | 2025-04-12 | 4.3 MEDIUM | N/A |
| Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2014-4888 | 1 Tequilagames | 1 Battlefriends At Sea Gold | 2025-04-12 | 5.4 MEDIUM | N/A |
| The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7423 | 1 Magzter | 1 Youth Incorporated | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Youth Incorporated (aka com.magzter.youthincorporated) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7628 | 1 Priorswood | 1 Acorn Comms | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0017 | 1 Libssh | 1 Libssh | 2025-04-12 | 1.9 LOW | N/A |
| The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision. | |||||
| CVE-2014-6681 | 1 Wordbox | 1 Mahabharata Audiocast | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6932 | 1 All Navalny Project | 1 All Navalny | 2025-04-12 | 5.4 MEDIUM | N/A |
| The All Navalny (aka com.all.navalny) application 1.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5936 | 1 Incognito Private Browser Project | 1 Incognito Private Browser | 2025-04-12 | 5.4 MEDIUM | N/A |
| The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7010 | 1 Utsa | 1 Utsa Mobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7712 | 1 Tiket | 1 Tiket.com Hotel \& Flight | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Tiket.com Hotel & Flight (aka com.tiket.gits) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-0936 | 1 Ibm | 1 Security Appscan Source | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM Security AppScan Source 8.0 through 9.0, when the publish-assessment permission is not properly restricted for the configured database server, transmits cleartext assessment data, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2013-4488 | 1 Libgadu | 1 Libgadu | 2025-04-12 | 4.3 MEDIUM | N/A |
| libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. | |||||
| CVE-2014-7723 | 1 Cmu | 1 Carnegie Mellon Silicon Valley | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6637 | 1 Praninc | 1 Facebook Facts | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5849 | 1 Disney | 1 Maleficent Free Fall | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5900 | 1 Myhomeworkapp | 1 Myhomework Student Planner | 2025-04-12 | 5.4 MEDIUM | N/A |
| The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5965 | 1 Groovemusic Project | 1 Groovemusic | 2025-04-12 | 5.4 MEDIUM | N/A |
| The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7122 | 1 Gannett | 1 Lansing State Journal Print | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Lansing State Journal Print (aka com.lansingjournal.android.prod) application 6.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6876 | 1 Serve | 1 American Express Serve | 2025-04-12 | 5.4 MEDIUM | N/A |
| The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||