Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7568 | 1 Automon | 1 Marcus Butler Unofficial | 2025-04-12 | N/A |
| The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application 1.4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7560 | 1 Fabasoft | 1 Fabasoft Cloud | 2025-04-12 | N/A |
| The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6759 | 1 Downton Abbey Fan Portal Project | 1 Downton Abbey Fan Portal | 2025-04-12 | N/A |
| The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7544 | 1 Narr8 | 1 Secret City - Motion Comic | 2025-04-12 | N/A |
| The Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7528 | 1 Apptive | 1 Horsepower | 2025-04-12 | N/A |
| The Horsepower (aka com.apptive.android.apps.horsepower) application 2.10.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6752 | 1 Mindless Behavior Fan Base Project | 1 Mindless Behavior Fan Base | 2025-04-12 | N/A |
| The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2013-4595 | 1 Gordon Heydon | 1 Secure Pages | 2025-04-12 | N/A |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. | ||||
| CVE-2014-7519 | 1 Cyclingforfun | 1 Cycling Manager Game Cff | 2025-04-12 | N/A |
| The Cycling Manager Game Cff (aka com.CyclingManagerGame) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7508 | 1 Childrens | 1 Help For Doc | 2025-04-12 | N/A |
| The Help For Doc (aka com.childrens.physician.relations) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-2721 | 6 Canonical, Debian, Mozilla and 3 more | 12 Ubuntu Linux, Debian Linux, Firefox and 9 more | 2025-04-12 | N/A |
| Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. | ||||
| CVE-2014-7507 | 1 Androidcommunity | 1 Hector Leal | 2025-04-12 | N/A |
| The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-3902 | 1 Cyberagent | 1 Ameba | 2025-04-12 | N/A |
| The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6751 | 1 Grasshopper | 1 Grasshopper Beta | 2025-04-12 | N/A |
| The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-6702 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2025-04-12 | N/A |
| Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | ||||
| CVE-2014-5931 | 1 Stopandshop | 1 Stop \& Shop Scan It\! Mobile | 2025-04-12 | N/A |
| The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5954 | 1 Sbi | 1 State Bank Anywhere | 2025-04-12 | N/A |
| The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7499 | 1 Ireadercity | 1 Sword | 2025-04-12 | N/A |
| The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5690 | 1 Runtastic | 1 Runtastic Timer | 2025-04-12 | N/A |
| The Runtastic Timer (aka com.runtastic.android.timer) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6748 | 1 Gemaire | 1 Gemaire\'s Hvac Assist | 2025-04-12 | N/A |
| The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-8281 | 1 Samsung | 1 Web Viewer | 2025-04-12 | N/A |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. | ||||