Total
2500 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6900 | 1 Core-apps | 1 Eage Amsterdam 2014 | 2025-04-12 | 5.4 MEDIUM | N/A |
| The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application 6.1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7307 | 1 Forosocuellamos | 1 Forosocuellamos | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7368 | 1 Creatingahaven | 1 Compassion Satisfaction | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application 0.75.13440.35155 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5591 | 1 Franklychat | 1 Frankly Chat | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Frankly Chat (aka com.chatfrankly.android) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6653 | 1 Wordboxapps | 1 Afghan Radio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3570 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not properly calculate the square of a BIGNUM value, which might make it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, related to crypto/bn/asm/mips.pl, crypto/bn/asm/x86_64-gcc.c, and crypto/bn/bn_asm.c. | |||||
| CVE-2014-8275 | 1 Openssl | 1 Openssl | 2025-04-12 | 5.0 MEDIUM | N/A |
| OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k does not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, related to crypto/asn1/a_verify.c, crypto/dsa/dsa_asn1.c, crypto/ecdsa/ecs_vrf.c, and crypto/x509/x_all.c. | |||||
| CVE-2014-7546 | 1 Buddhist Prayer Project | 1 Buddhist Prayer | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7620 | 1 Authorsontourlive | 1 Authors On Tour - Live\! | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-1571 | 1 Fortinet | 1 Fortios | 2025-04-12 | 4.3 MEDIUM | N/A |
| The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the Fortinet_Factory certificate and private key. NOTE: FG-IR-15-002 says "The Fortinet_Factory certificate is unique to each device ... An attacker cannot therefore stage a MitM attack. | |||||
| CVE-2014-5607 | 1 Disney | 1 Where\'s My Water\? Free | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5918 | 1 Secretcircle | 1 Secret Circle - Talk Freely | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Secret Circle - talk freely (aka com.easyxapp.secret) application 2.2.00.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6735 | 1 Bmobile | 1 Imagine Next Bmobile | 2025-04-12 | 5.4 MEDIUM | N/A |
| The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7762 | 1 Bite It\! Project | 1 Bite It\! | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7758 | 1 Andsocialrew | 1 Amkamal Science Portfolio | 2025-04-12 | 5.4 MEDIUM | N/A |
| The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5902 | 1 Uacinemas | 1 Ua Cinemas - Mobile Ticketing | 2025-04-12 | 5.4 MEDIUM | N/A |
| The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-7626 | 1 Atme | 1 Atme | 2025-04-12 | 5.4 MEDIUM | N/A |
| The Atme (aka com.bedigital.atme) application 1.0.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-6852 | 1 Automon | 1 Ledline.gr Official | 2025-04-12 | 5.4 MEDIUM | N/A |
| The LedLine.gr Official (aka com.automon.ledline.gr) application 1.4.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5810 | 1 Sgk | 1 Sgk Hizmet Dokumu 4a | 2025-04-12 | 5.4 MEDIUM | N/A |
| The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1.103 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-2993 | 1 Birebin | 1 Birebin.com App | 2025-04-12 | 6.4 MEDIUM | N/A |
| The Birebin.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||