Search Results (4416 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5976 1 Alibaba 1 Alibaba 2025-04-12 N/A
The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5974 1 Psecu 1 Psecu Mobile\+ 2025-04-12 N/A
The PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5968 1 Igolf 1 Igolf - Golf Gps 2025-04-12 N/A
The iGolf - Golf GPS (aka com.igolf) application 20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7649 1 Pocketmags 1 Classic Car Buyer 2025-04-12 N/A
The Classic Car Buyer (aka com.magazinecloner.carbuyer) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-4763 2 Apple, Microsoft 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7646 1 Buzztouch 1 Emt-paramedic Lite 2025-04-12 N/A
The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7640 1 Hotel-room 1 Hotel Room 2025-04-12 N/A
The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7620 1 Authorsontourlive 1 Authors On Tour - Live\! 2025-04-12 N/A
The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7617 1 Roads365 1 Www.roads365.com 2025-04-12 N/A
The www.roads365.com (aka ydx.android) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7610 1 Kadinlar Kulubu Kkmobileapp Project 1 Kadinlar Kulubu Kkmobileapp 2025-04-12 N/A
The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application 3.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-6962 1 Publicstuff 1 Elk Grove Publicstuff 2025-04-12 N/A
The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7525 1 Okacloud 1 Domain Name Search \& Web Host 2025-04-12 N/A
The Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application 0.64.13398.55733 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7522 1 Maccabi4u 1 Maccabi Pakal 2025-04-12 N/A
The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-1146 1 Apple 1 Mac Os X 2025-04-12 N/A
The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.
CVE-2016-5084 1 Animas 2 Onetouch Ping, Onetouch Ping Firmware 2025-04-12 N/A
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-7517 1 Myanmar Movies Hd Project 1 Myanmar Movies Hd 2025-04-12 N/A
The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7515 1 Onesolutionapps 1 Bail Bonds 2025-04-12 N/A
The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7513 1 Appbelle 1 Top Hangover Cures 2025-04-12 N/A
The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-7506 1 Imapp 1 Realtime Music Rank 2025-04-12 N/A
The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application 5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2015-0834 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.