Total
2474 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6854 | 1 Eyexam | 1 Eyexam | 2025-04-12 | 5.4 MEDIUM | N/A |
The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5634 | 1 Madipass | 1 Madipass Martinique | 2025-04-12 | 5.4 MEDIUM | N/A |
The Madipass Martinique (aka com.goodbarber.madipassmartinique) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5749 | 1 Wooga | 1 Jelly Splash | 2025-04-12 | 5.4 MEDIUM | N/A |
The Jelly Splash (aka com.wooga.jelly_splash) application 1.11.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5848 | 1 Iqnect | 1 Dubstep Hero | 2025-04-12 | 5.4 MEDIUM | N/A |
The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2000-1254 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise-shift operations that exceed the size of an expression, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging improper RSA key generation on 64-bit HP-UX platforms. | |||||
CVE-2014-7483 | 1 Desire2learn Fusion 2014 Project | 1 Desire2learn Fusion 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application 4.0.729.1748 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6668 | 1 Nana Project | 1 African Radios Live | 2025-04-12 | 5.4 MEDIUM | N/A |
The African Radios Live (aka com.nana.africanradioslive) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5675 | 1 Pinssible | 1 Phonegram - Instagram Download | 2025-04-12 | 5.4 MEDIUM | N/A |
The Phonegram - Instagram Download (aka com.pinssible.padgram) application 1.9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6882 | 1 Western | 1 Western Federal Credit Union | 2025-04-12 | 5.4 MEDIUM | N/A |
The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7376 | 1 Facebook Profits On Steroids Project | 1 Facebook Profits On Steroids | 2025-04-12 | 5.4 MEDIUM | N/A |
The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7045 | 1 Onesolutionapps | 1 Bust Out Bail | 2025-04-12 | 5.4 MEDIUM | N/A |
The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5813 | 1 Alrazylabs | 1 Lostword | 2025-04-12 | 5.4 MEDIUM | N/A |
The lostword (aka zozo.android.lostword) application 5.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5960 | 1 Kbv | 1 Federal Doctors | 2025-04-12 | 5.4 MEDIUM | N/A |
The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2434 | 1 Microsoft | 1 Xml Core Services | 2025-04-12 | 4.3 MEDIUM | N/A |
Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack, aka "MSXML Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2471. | |||||
CVE-2014-6021 | 1 H-dvisa | 1 Harley-davidson Visa | 2025-04-12 | 5.4 MEDIUM | N/A |
The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-5676 | 1 Playrix | 1 Township | 2025-04-12 | 5.4 MEDIUM | N/A |
The Township (aka com.playrix.township) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-6851 | 1 Nbcfc | 1 New Beginnings Cfc | 2025-04-12 | 5.4 MEDIUM | N/A |
The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2014-7683 | 1 Booksellerscanada | 1 Free Canadian Author Previews | 2025-04-12 | 5.4 MEDIUM | N/A |
The Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2323 | 1 Fortinet | 1 Fortios | 2025-04-12 | 6.4 MEDIUM | N/A |
FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle attackers to spoof TLS content by modifying packets. | |||||
CVE-2016-0800 | 2 Openssl, Pulsesecure | 3 Openssl, Client, Steel Belted Radius | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. |