Total
2494 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-5568 | 1 Androkera | 1 Las Vegas Lottery Scratch Off | 2025-04-12 | N/A |
| The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5552 | 1 Ilearnwith | 1 Numbers \& Addition\! Math Games | 2025-04-12 | N/A |
| The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5555 | 1 Ilearnwith | 1 Counting \& Addition Kids Games | 2025-04-12 | N/A |
| The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5559 | 1 Josiane Sauveterre | 1 Goldfish Care | 2025-04-12 | N/A |
| The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5562 | 1 Coles Credit Cards | 1 Coles Credit Card App | 2025-04-12 | N/A |
| The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-4716 | 1 N-tron | 1 702w Industrial Wireless Access Point | 2025-04-12 | N/A |
| N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. | ||||
| CVE-2016-6899 | 1 Huawei | 14 Rh1288 V3 Server, Rh1288 V3 Server Firmware, Rh2288 V3 Server and 11 more | 2025-04-12 | N/A |
| The Intelligent Baseboard Management Controller (iBMC) in Huawei RH1288 V3 servers with software before V100R003C00SPC613, RH2288 V3 servers with software before V100R003C00SPC617, RH2288H V3 servers with software before V100R003C00SPC515, RH5885 V3 servers with software before V100R003C10SPC102, and XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610 might allow remote attackers to decrypt encrypted data and consequently obtain sensitive information by leveraging selection of an insecure SSL encryption algorithm. | ||||
| CVE-2014-5572 | 1 Jazzpodiumdetor | 1 Jazzpodium De Tor | 2025-04-12 | N/A |
| The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-6014 | 1 Ingen-studios | 1 Conquest Of Fantasia | 2025-04-12 | N/A |
| The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5580 | 1 Backgroundcheckprotool | 1 Backgroundcheckprotool | 2025-04-12 | N/A |
| The BackgroundCheckProTool (aka com.BackgroundCheckProTool) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2015-1355 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting a brute-force attack. | ||||
| CVE-2012-5583 | 1 Apereo | 1 Phpcas | 2025-04-12 | N/A |
| phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2012-5662 | 1 Paul Mattes | 1 X3270 | 2025-04-12 | N/A |
| x3270 before 3.3.12ga12 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2014-5590 | 1 Snake Evolution Project | 1 Snake Evolution | 2025-04-12 | N/A |
| The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5537 | 1 Chewysoftware | 1 Abduction Stacker Free | 2025-04-12 | N/A |
| The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2013-4488 | 1 Libgadu | 1 Libgadu | 2025-04-12 | N/A |
| libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers. | ||||
| CVE-2016-5672 | 1 Intel | 1 Crosswalk | 2025-04-12 | N/A |
| Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2014-5598 | 1 Withhive | 1 Puzzle Family | 2025-04-12 | N/A |
| The Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.global.android.common) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2013-4442 | 1 Pwgen Project | 1 Pwgen | 2025-04-12 | N/A |
| Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | ||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2025-04-12 | 5.3 Medium |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | ||||