Total
2470 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5541 | 1 Differencegames | 1 Hidden Memory - Aladdin Free\! | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application 1.0.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5540 | 1 Flickatrade | 1 Flick A Trade | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5526 | 1 Inmobi | 1 Inmobi | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5531 | 1 Goabode | 1 Abode | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5539 | 1 Amiscu | 1 Michael Baker Federal Credit Union | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5538 | 1 Amiscu | 1 Westmoreland Water Fcu | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5536 | 1 Bashgaming | 1 Bingo Bash Free Bingo Casino | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5535 | 1 Girlgame | 1 Baby Get Up - Kids Care | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5532 | 1 Adidas | 1 Honolulu | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Honolulu (aka adidas.jp.android.running.honolulu) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5529 | 1 Gameloft | 1 Gameloft Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Gameloft library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5527 | 1 Tapjoy | 1 Tapjoy Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5525 | 1 Playscape | 1 Mominis Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5524 | 1 Adcolony | 1 Adcolony Library | 2014-09-09 | 5.4 MEDIUM | N/A |
| The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-2379 | 1 Sensysnetworks | 4 Trafficdot, Vds, Vsn240-f and 1 more | 2014-09-08 | 5.4 MEDIUM | N/A |
| Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and TrafficDOT before 2.10.3 do not use encryption, which allows remote attackers to interfere with traffic control by replaying transmissions on a wireless network. | |||||
| CVE-2014-3908 | 1 Amazon | 1 Kindle | 2014-09-02 | 5.8 MEDIUM | N/A |
| The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-7144 | 3 Apple, Linecorp, Microsoft | 3 Mac Os X, Line, Windows | 2014-08-18 | 4.3 MEDIUM | N/A |
| LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-3902 | 1 Cyberagent | 1 Ameba | 2014-08-15 | 5.8 MEDIUM | N/A |
| The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2013-4595 | 1 Gordon Heydon | 1 Secure Pages | 2014-06-24 | 4.3 MEDIUM | N/A |
| The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive information via a crafted web page. | |||||
| CVE-2013-6491 | 2 Openstack, Redhat | 2 Oslo, Openstack | 2014-06-20 | 4.3 MEDIUM | N/A |
| The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2014-2001 | 1 Jreast | 1 Jr East Japan | 2014-06-19 | 5.8 MEDIUM | N/A |
| The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | |||||