Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7576 | 1 Phimviethoa | 1 Chien Binh Bakugan 2 Longtieng | 2025-04-12 | N/A |
| The Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7577 | 1 Bandh | 1 B\&h Photo Video Pro Audio | 2025-04-12 | N/A |
| The B&H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7578 | 1 Biebernoticias | 1 Bieber News Now | 2025-04-12 | N/A |
| The Bieber News Now (aka com.jbnews) application 12.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7582 | 1 C2ae | 1 Water Lateral Sizer | 2025-04-12 | N/A |
| The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-8867 | 3 Canonical, Php, Redhat | 3 Ubuntu Linux, Php, Rhel Software Collections | 2025-04-12 | N/A |
| The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors. | ||||
| CVE-2014-3620 | 2 Apple, Haxx | 3 Mac Os X, Curl, Libcurl | 2025-04-12 | N/A |
| cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain. | ||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2025-04-12 | 5.3 Medium |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | ||||
| CVE-2014-7093 | 1 Pocketmags | 1 Superbike Magazine | 2025-04-12 | N/A |
| The Superbike Magazine (aka com.triactivemedia.superbike) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7102 | 1 Quotezone | 1 Car Insurance Quote Comparison | 2025-04-12 | N/A |
| The Car Insurance Quote Comparison (aka com.seopa.quotezone) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7107 | 1 Magzter | 1 Human Factor | 2025-04-12 | N/A |
| The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7115 | 1 Mailgod | 1 Letters To God - Soc. Network | 2025-04-12 | N/A |
| The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-7120 | 1 Pocketmags | 1 Model Laboratory | 2025-04-12 | N/A |
| The Model Laboratory (aka com.magazinecloner.modellaboratory) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6758 | 1 Mgsasia | 1 Qin Story | 2025-04-12 | N/A |
| The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6760 | 1 Haremthief | 1 Harem Thief Dating | 2025-04-12 | N/A |
| The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6762 | 1 Bongomovie Project | 1 Bongomovie | 2025-04-12 | N/A |
| The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6768 | 1 Anywhere Anytime Yoga Workout Project | 1 Anywhere Anytime Yoga Workout | 2025-04-12 | N/A |
| The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6769 | 1 Mobilesoft | 1 Meteo Belgique | 2025-04-12 | N/A |
| The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2013-4346 | 2 Redhat, Urbanairship | 3 Satellite, Satellite Capsule, Python-oauth2 | 2025-04-12 | N/A |
| The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | ||||
| CVE-2013-6805 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | N/A |
| OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, which makes it easier for (1) remote attackers to discover credentials by sniffing the network or (2) local users to discover credentials by reading a .eod8 file. | ||||
| CVE-2013-6807 | 1 Opentext | 1 Exceed Ondemand | 2025-04-12 | N/A |
| The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ciphers by default, which allows man-in-the-middle attackers to bypass server certificate validation, redirect a connection, and obtain sensitive information via crafted responses. | ||||