Search Results (2510 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-5798 1 Nonghyup 1 Smart Calculator 2025-04-12 N/A
The smart.calculator (aka nh.smart.calculator) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5799 1 Nonghyup 1 Smart Card 2025-04-12 N/A
The smart.card (aka nh.smart.card) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5778 1 Pou 1 Pou 2025-04-12 N/A
The Pou (aka me.pou.app) application 1.4.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5783 1 Playscape 1 Bouncy Bill Monster Smasher Ed 2025-04-12 N/A
The Bouncy Bill Monster Smasher ed (aka mominis.Generic_Android.Bouncy_Bill_Monster_Smasher_Edition) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5771 1 Cuoftexas 1 Credit Union Of Texas Mobile 2025-04-12 N/A
The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5806 1 Wargaming 1 World Of Tanks Assistant 2025-04-12 N/A
The World of Tanks Assistant (aka ru.worldoftanks.mobile) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5678 1 Pop-hub 1 Iq Test 2025-04-12 N/A
The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-6445 1 Redhat 1 Enterprise Mrg 2025-04-12 N/A
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via a brute-force attack.
CVE-2014-5772 1 Govhk 1 Government Bookstore 2025-04-12 N/A
The Government Bookstore (aka hksarg.isd.sop.govbookstore) application 1.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5809 1 Geniuscloud 1 Smart Browser 2025-04-12 N/A
The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5769 1 Mobiscope 1 Mobiscope Local 2025-04-12 N/A
The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5813 1 Alrazylabs 1 Lostword 2025-04-12 N/A
The lostword (aka zozo.android.lostword) application 5.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5674 1 Picsart 1 Picsart - Photo Studio 2025-04-12 N/A
The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7385 1 Livezilla 1 Livezilla 2025-04-12 N/A
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7033.
CVE-2014-5770 1 Web Browser For Android Project 1 Web Browser For Android 2025-04-12 N/A
The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2013-7436 2 Kanaka, Redhat 2 Novnc, Openstack 2025-04-12 N/A
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2013-7449 3 Canonical, Hexchat Project, Xchat 4 Ubuntu Linux, Hexchat, Xchat and 1 more 2025-04-12 N/A
The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2014-0017 1 Libssh 1 Libssh 2025-04-12 N/A
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
CVE-2014-5773 1 Registeredassistant Project 1 Registeredassistant 2025-04-12 N/A
The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2014-5766 1 Mobileeventguide 1 Uber B2b 2025-04-12 N/A
The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.