Weekly Vulnerabilities Reports > September 8 to 14, 2014
Overview
472 new vulnerabilities reported during this period, including 48 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary report vulnerabilities in 443 products from 342 vendors including Microsoft, IBM, Linux, Playscape, and Google. Vulnerabilities are notably categorized as "Cryptographic Issues", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "SQL Injection".
- 112 reported vulnerabilities are remotely exploitables.
- 13 reported vulnerabilities have public exploit available.
- 28 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 453 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 54 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 47 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
48 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2014-09-11 | CVE-2014-2624 | HP | Unspecified vulnerability in HP Network Node Manager I 9.0/9.10/9.20 Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264. | 10.0 |
| 2014-09-10 | CVE-2014-0554 | Adobe Apple Microsoft Linux | Security Bypass vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors. | 10.0 |
| 2014-09-10 | CVE-2014-0559 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556. | 10.0 |
| 2014-09-10 | CVE-2014-0557 | Adobe Linux Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. | 10.0 |
| 2014-09-10 | CVE-2014-0556 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559. | 10.0 |
| 2014-09-10 | CVE-2014-0555 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0552. | 10.0 |
| 2014-09-10 | CVE-2014-0553 | Adobe Opensuse Suse Apple Microsoft Linux | Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
| 2014-09-10 | CVE-2014-0552 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0555. | 10.0 |
| 2014-09-10 | CVE-2014-0551 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and CVE-2014-0555. | 10.0 |
| 2014-09-10 | CVE-2014-0550 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. | 10.0 |
| 2014-09-10 | CVE-2014-0549 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. | 10.0 |
| 2014-09-10 | CVE-2014-0547 | Adobe Apple Microsoft Linux | Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555. | 10.0 |
| 2014-09-10 | CVE-2014-4111 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110. | 9.3 |
| 2014-09-10 | CVE-2014-4110 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4109 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4108 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4107 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4106 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4105 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4104 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4103 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4102 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4091. | 9.3 |
| 2014-09-10 | CVE-2014-4101 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4096. | 9.3 |
| 2014-09-10 | CVE-2014-4100 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4099 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
| 2014-09-10 | CVE-2014-4098 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4092. | 9.3 |
| 2014-09-10 | CVE-2014-4097 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4096 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101. | 9.3 |
| 2014-09-10 | CVE-2014-4095 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101. | 9.3 |
| 2014-09-10 | CVE-2014-4094 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4093 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4084. | 9.3 |
| 2014-09-10 | CVE-2014-4092 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4098. | 9.3 |
| 2014-09-10 | CVE-2014-4091 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4102. | 9.3 |
| 2014-09-10 | CVE-2014-4090 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4089 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4091, and CVE-2014-4102. | 9.3 |
| 2014-09-10 | CVE-2014-4088 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4087 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4095, CVE-2014-4096, and CVE-2014-4101. | 9.3 |
| 2014-09-10 | CVE-2014-4086 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
| 2014-09-10 | CVE-2014-4085 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4084 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10 Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4093. | 9.3 |
| 2014-09-10 | CVE-2014-4083 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4082 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
| 2014-09-10 | CVE-2014-4081 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4080 | Microsoft | Buffer Errors vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102. | 9.3 |
| 2014-09-10 | CVE-2014-4079 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4065 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-4059 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
| 2014-09-10 | CVE-2014-2799 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111. | 9.3 |
14 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2014-09-12 | CVE-2014-3362 | Cisco | Resource Management Errors vulnerability in Cisco products Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677. | 7.8 |
| 2014-09-12 | CVE-2014-5440 | Mpexsolutions | SQL Injection vulnerability in Mpexsolutions Mx-Smartimer SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter. | 7.5 |
| 2014-09-12 | CVE-2014-2008 | Mpay24 Project | SQL Injection vulnerability in Mpay24 Project Mpay24 SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | 7.5 |
| 2014-09-12 | CVE-2014-4811 | IBM | Credentials Management vulnerability in IBM products IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address. | 7.5 |
| 2014-09-11 | CVE-2014-6241 | WT Directory Project | SQL Injection vulnerability in WT Directory Project WT Directory SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-09-11 | CVE-2014-6239 | Address Visualization With Google Maps Project | SQL Injection vulnerability in Address Visualization With Google Maps Project Address Visualization With Google Maps SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-09-11 | CVE-2014-6236 | Lumonet PHP Include Project | Arbitrary Code Execution vulnerability in Lumonet PHP Include Project Lumonet PHP Include 1.2.0 Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links. | 7.5 |
| 2014-09-11 | CVE-2014-6235 | Kennziffer | Remote Code Execution vulnerability in Kennziffer KE Dompdf 0.0.3 Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors. | 7.5 |
| 2014-09-11 | CVE-2014-6233 | Flat Manager Project | SQL Injection vulnerability in Flat Manager Project Flat Manager 2.7.9 SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2014-09-11 | CVE-2014-6231 | CWT Frontend Edit Project | Remote Code Execution vulnerability in CWT Frontend Edit Project CWT Frontend Edit 1.2.4 Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. | 7.5 |
| 2014-09-11 | CVE-2014-5519 | Phpwiki Project | Code Injection vulnerability in PHPwiki Project PHPwiki 1.5.0 The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. | 7.5 |
| 2014-09-11 | CVE-2014-2223 | Plogger | Code Injection vulnerability in Plogger 1.0 Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/. | 7.5 |
| 2014-09-10 | CVE-2014-0548 | Adobe Apple Microsoft Linux | Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | 7.5 |
| 2014-09-10 | CVE-2014-4074 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability." | 7.2 |
401 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2014-09-12 | CVE-2014-6270 | Squid Cache Oracle | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow. | 6.8 |
| 2014-09-12 | CVE-2013-4444 | Apache | Code Injection vulnerability in Apache Tomcat Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file. | 6.8 |
| 2014-09-10 | CVE-2014-4865 | Cacheguard | Cross-Site Request Forgery (CSRF) vulnerability in Cacheguard Cacheguardos 5.7.7 Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2014-09-10 | CVE-2014-4789 | IBM | Session Fixation vulnerability in IBM Initiate Master Data Service Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors. | 6.8 |
| 2014-09-10 | CVE-2014-4783 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Initiate Master Data Service Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
| 2014-09-11 | CVE-2014-6043 | Zohocorp | Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0 ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. | 6.5 |
| 2014-09-11 | CVE-2014-5460 | Tribulant | Improper Input Validation vulnerability in Tribulant Tibulant Slideshow Gallery Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. | 6.5 |
| 2014-09-11 | CVE-2012-4240 | Group Office | SQL Injection vulnerability in Group-Office Groupoffice SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | 6.5 |
| 2014-09-10 | CVE-2014-4785 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Initiate Master Data Service Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
| 2014-09-10 | CVE-2014-3037 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM products Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
| 2014-09-12 | CVE-2014-5888 | Bibleslots | Cryptographic Issues vulnerability in Bibleslots Slots:Bible Slots Free 1.122 The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application 1.122 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-12 | CVE-2014-5887 | Yell | Cryptographic Issues vulnerability in Yell Local Search 4.2.1.4 The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-12 | CVE-2014-5886 | Ceskatelevize | Cryptographic Issues vulnerability in Ceskatelevize Ivysilani Ceske Televize 1.6 The iVysilani ceske televize (aka cz.motion.ivysilani) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-12 | CVE-2014-5885 | PDC | Cryptographic Issues vulnerability in PDC Disaster Alert 3.2 The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-12 | CVE-2014-5884 | 1Und1 | Cryptographic Issues vulnerability in 1Und1 1&1 Online Storage 5.0.11 The 1&1 Online Storage (aka de.einsundeins.smartdrive) application 5.0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-12 | CVE-2014-5883 | 7 Eleven | Cryptographic Issues vulnerability in 7-Eleven 2.08.000 The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5882 | Applica | Cryptographic Issues vulnerability in Applica Homoo Ijiri 3.7 The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5881 | Yahoo | Cryptographic Issues vulnerability in Yahoo Ybox 1.5.1 The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5879 | Tvguide Project | Cryptographic Issues vulnerability in Tvguide Project Tvguide 1.9.14 The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5878 | I UM | Cryptographic Issues vulnerability in I-Um IUM 3.3.4 The ium (aka net.ium.mobile.android) application 3.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5877 | Mini Group | Cryptographic Issues vulnerability in Mini Group TV Guide 5.4.3 The TV Guide (aka net.micene.minigroup.palimpsests.lite) application 5.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5876 | Westerndigital | Cryptographic Issues vulnerability in Westerndigital WD MY Cloud 4.0.0 The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5875 | Sylpheo | Cryptographic Issues vulnerability in Sylpheo Sylphone 5.3.8 The Sylphone (aka com.sylpheo.prospectosyl) application 5.3.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5874 | Splashid | Cryptographic Issues vulnerability in Splashid 7.2.2 The SplashID (aka com.splashidandroid) application 7.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5873 | Sears | Cryptographic Issues vulnerability in Sears 6.2.8 The Sears (aka com.sears.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5872 | Safenet INC | Cryptographic Issues vulnerability in Safenet-Inc Safenetmobile Pass 8.3.7.11 The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5871 | Piwik | Cryptographic Issues vulnerability in Piwik Mobile 2 2.0.1 The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5870 | Kmart | Cryptographic Issues vulnerability in Kmart 6.2.8 The Kmart (aka com.kmart.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5869 | CNN | Cryptographic Issues vulnerability in CNN Cnnmoney Portfolio 1.03 The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5868 | Cisco | Cryptographic Issues vulnerability in Cisco Technical Support 3.7.1 The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5867 | Sparkpay | Cryptographic Issues vulnerability in Sparkpay Capital ONE Spark 0.9.81 The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5866 | DMV CA GOV | Cryptographic Issues vulnerability in Dmv.Ca.Gov CA DMV 2.0 The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5865 | ASK | Cryptographic Issues vulnerability in ASK Ask.Com 2.2.5 The Ask.com (aka com.ask.android) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5864 | Getswish | Cryptographic Issues vulnerability in Getswish Swish Payments 2.0 The Swish payments (aka se.bankgirot.swish) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-11 | CVE-2014-5863 | Netmarble | Cryptographic Issues vulnerability in Netmarble Mpang.Gp 4.0.0 The mpang.gp (aka air.com.cjenm.mpang.gp) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-10 | CVE-2014-0351 | Fortinet | Cryptographic Issues vulnerability in Fortinet Fortios The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream. | 5.4 |
| 2014-09-10 | CVE-2014-5862 | Zhwnl | Cryptographic Issues vulnerability in Zhwnl Ecalendar2 4.5.3 The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-10 | CVE-2014-5861 | Skout | Cryptographic Issues vulnerability in Skout Boyahoy - GAY Chat 4.3.6 The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-10 | CVE-2014-5860 | Aximediasoft | Cryptographic Issues vulnerability in Aximediasoft Slide Show Creator 4.4.3 The Slide Show Creator (aka com.amem) application 4.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-10 | CVE-2014-5859 | Animoca | Cryptographic Issues vulnerability in Animoca Star Girl: Colors of Spring 3.4.1 The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-10 | CVE-2014-5858 | Candy Blast Project | Cryptographic Issues vulnerability in Candy Blast Project Candy Blast 1.1.001 The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-10 | CVE-2014-5857 | Avantar | Cryptographic Issues vulnerability in Avantar White & Yellow Pages 5.1.1 The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-6025 | Chartboost | Cryptographic Issues vulnerability in Chartboost Library 2.0.2 The Chartboost library before 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5856 | Communityfactory | Cryptographic Issues vulnerability in Communityfactory Selfie Camera -Facial Beauty- 1.2.7 The Selfie Camera -Facial Beauty- (aka com.cfinc.cunpic) application 1.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5855 | Cjmall | Cryptographic Issues vulnerability in Cjmall 4.1.8 The CJmall (aka com.cjoshppingphone) application 4.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5854 | Clearhub | Cryptographic Issues vulnerability in Clearhub Windows Live Hotmail Push Mail 1.00.97 The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5853 | Withive | Cryptographic Issues vulnerability in Withive Knights N Squires 1.1.2 The Knights N Squires (aka com.com2us.imhero.normal.freefull.google.global.android.common) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5852 | Withhive | Cryptographic Issues vulnerability in Withhive Kakao 2.11.1.0 The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.android.common) application 2.11.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5851 | Darksummoner | Cryptographic Issues vulnerability in Darksummoner Dark Summoner 1.03.39 The Dark Summoner (aka com.darksummoner) application 1.03.39 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5850 | Kaavefali | Cryptographic Issues vulnerability in Kaavefali Kaave Fali 1.5.1 The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5849 | Disney | Cryptographic Issues vulnerability in Disney Maleficent Free Fall 1.2.0 The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5848 | Iqnect | Cryptographic Issues vulnerability in Iqnect Dubstep Hero 1.9 The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5847 | Mobiledeluxe | Cryptographic Issues vulnerability in Mobiledeluxe BIG WIN Slots - Slot Machines 1.11.2 The Big Win Slots - Slot Machines (aka com.gosub60.BigWinSlots) application 1.11.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5846 | Mobgams | Cryptographic Issues vulnerability in Mobgams Fairy Princess Makeover Salon 1.7 The Fairy Princess Makeover Salon (aka com.mobgams.dressup.fairy.princess.makeover) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5845 | Thirdwire | Cryptographic Issues vulnerability in Thirdwire Strike Fighters Israel 1.2.4 The Strike Fighters Israel (aka com.thirdwire.strikefighters.mideast.android) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5844 | Alsunna Project | Cryptographic Issues vulnerability in Alsunna Project Alsunna 0.1 The Alsunna (aka com.wAlsunna) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5843 | Adp4U | Cryptographic Issues vulnerability in Adp4U ADP Agency Immobiliare 0.1 The ADP AGENCY Immobiliare (aka com.wAdpagencyAndroid) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5842 | 2G Live TV Project | Cryptographic Issues vulnerability in 2G Live TV Project 2G Live TV 0.9 The 2G Live Tv (aka com.ww2GLiveTv) application 0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5841 | Cybird | Cryptographic Issues vulnerability in Cybird Girls Calendar Period&Weight 3.2.2 The Girls Calendar Period&Weight (aka jp.co.cybird.apps.lifestyle.cal) application 3.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5840 | Forfone | Cryptographic Issues vulnerability in Forfone Forfone: Free Calls & Messages 1.5.11 The forfone: Free Calls & Messages (aka com.forfone.sip) forfone application 1.5.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5839 | Labanquepostale | Cryptographic Issues vulnerability in Labanquepostale Acces Compte 3.2.6 The Acces Compte (aka com.fullsix.android.labanquepostale.accountaccess) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5838 | 6677G | Cryptographic Issues vulnerability in 6677G Girls Games - Shoes Maker 1.0.1 The Girls Games - Shoes Maker (aka com.g6677.android.shoemaker) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5837 | Game Insight | Cryptographic Issues vulnerability in Game-Insight MY Railway 1.1.33 The My Railway (aka com.gameinsight.myrailway) application 1.1.33 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5836 | Gittigidiyor | Cryptographic Issues vulnerability in Gittigidiyor 1.4.1 The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5835 | Clubpersonal | Cryptographic Issues vulnerability in Clubpersonal Club Personal 2.6 The Club Personal (aka com.globant.clubpersonal) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5834 | Mobiledeluxe | Cryptographic Issues vulnerability in Mobiledeluxe Solitaire Deluxe 2.8.5 The Solitaire Deluxe (aka com.gosub60.solfree2) application 2.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5833 | Onelouder | Cryptographic Issues vulnerability in Onelouder Friendcaster Chat 2.0 The FriendCaster Chat (aka com.handmark.friendcaster.chat) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5832 | Hanabank | Cryptographic Issues vulnerability in Hanabank 4.06 The hananbank (aka com.hanabank.ebk.channel.android.hananbank) application 4.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5831 | Happylabs | Cryptographic Issues vulnerability in Happylabs Hotel Story: Resort Simulation 1.7.9B The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5830 | Farm Frenzy Gold Project | Cryptographic Issues vulnerability in Farm Frenzy Gold Project Farm Frenzy Gold 1.0.1 The Farm Frenzy Gold (aka com.herocraft.game.farmfrenzy.gold) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5829 | Hobbylobby | Cryptographic Issues vulnerability in Hobbylobby Hobby Lobby Stores 2.1.9 The Hobby Lobby Stores (aka com.hobbylobbystores.android) application 2.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5828 | Drei | Cryptographic Issues vulnerability in Drei 3Kundenzone 2.0 The 3Kundenzone (aka com.hutchison3g.at.android.selfcare) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5827 | Ibotta | Cryptographic Issues vulnerability in Ibotta - Better Than Coupons. 2.5.1 The Ibotta - Better than Coupons. | 5.4 |
| 2014-09-09 | CVE-2014-5826 | RIX GO Locker Theme Project | Cryptographic Issues vulnerability in RIX GO Locker Theme Project RIX GO Locker Theme 1.20.2 The Rix GO Locker Theme (aka com.jiubang.goscreenlock.theme.rix.getjar) application 1.20.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5825 | Jinfra | Cryptographic Issues vulnerability in Jinfra Guess the Movie 2.982 The Guess The Movie (aka com.june.guessthemovie) application 2.982 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5824 | Ilovegame | Cryptographic Issues vulnerability in Ilovegame Longjiang 2.0.6 The longjiang (aka com.longjiang.kr) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5823 | Thecleanerapp | Cryptographic Issues vulnerability in Thecleanerapp the Cleaner - Speed UP & Clean 1.4.2 The The Cleaner - Speed up & Clean (aka com.liquidum.thecleaner) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5822 | Kate Mobile | Cryptographic Issues vulnerability in Kate Mobile VK Kate Mobile 9.6.1 The VK Kate Mobile (aka com.perm.kate) application 9.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5821 | Guitartuna | Cryptographic Issues vulnerability in Guitartuna Guitar Tuner Free - Guitartuna 2.4.5 The Guitar Tuner Free - GuitarTuna (aka com.ovelin.guitartuna) application 2.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5820 | Okcupid | Cryptographic Issues vulnerability in Okcupid Dating 3.4.6 The OkCupid Dating (com.okcupid.okcupid) application 3.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5819 | Mopl | Cryptographic Issues vulnerability in Mopl Phone for Google Voice & Gtalk 1.0.6 The PHONE for Google Voice & GTalk (aka com.moplus.gvphone) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5818 | Mobage | Cryptographic Issues vulnerability in Mobage Tiny Tower 1.7.0.8 The Tiny Tower (aka com.mobage.ww.a560.tinytower_android) application 1.7.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5817 | Miniclip | Cryptographic Issues vulnerability in Miniclip Mini Pets 2.0.3 The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5816 | Meipai | Cryptographic Issues vulnerability in Meipai 1.2.0 The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5815 | Mavenhut | Cryptographic Issues vulnerability in Mavenhut Solitaire Arena 1.0.15 The Solitaire Arena (aka com.mavenhut.solitaire) application 1.0.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5813 | Alrazylabs | Cryptographic Issues vulnerability in Alrazylabs Lostword 5.9 The lostword (aka zozo.android.lostword) application 5.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5812 | Viedemerde | Cryptographic Issues vulnerability in Viedemerde VDM Officiel 5.0 The VDM Officiel (aka vdm.activities) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5811 | Zoom | Cryptographic Issues vulnerability in Zoom Cloud Meetings @7F060008 The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5810 | SGK | Cryptographic Issues vulnerability in SGK Hizmet Dokumu 4A 1.103 The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1.103 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5808 | Whisper | Cryptographic Issues vulnerability in Whisper 4.0.6 The Whisper (aka sh.whisper) application 4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5807 | Safari Browser Project | Cryptographic Issues vulnerability in Safari Browser Project Safari Browser 1.0 The Safari Browser (aka safari.safaribrowser.internetexplorer) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5806 | Wargaming | Cryptographic Issues vulnerability in Wargaming World of Tanks Assistant 1.7.5 The World of Tanks Assistant (aka ru.worldoftanks.mobile) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5805 | Wamba | Cryptographic Issues vulnerability in Wamba Dating for Everyone - Mamba! 3.5 The Dating for everyone - Mamba! (aka ru.mamba.client) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5804 | Mail RU | Cryptographic Issues vulnerability in Mail.Ru Dating 3.0 The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5803 | Ember Entertainment | Cryptographic Issues vulnerability in Ember-Entertainment Towers N' Trolls 1.6.4 The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5802 | Playscape | Cryptographic Issues vulnerability in Playscape 9.3.3 The PlayScape (aka playscape.mominis.gameconsole.com) application 9.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5801 | Ocshield | Cryptographic Issues vulnerability in Ocshield Datagard VPN + AV @7F050013 The DataGard VPN + AV (aka ocshield.com) application @7F050013 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5800 | Nonghyup | Cryptographic Issues vulnerability in Nonghyup Smart Nhibzbanking 2.1 The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5799 | Nonghyup | Cryptographic Issues vulnerability in Nonghyup Smart Card 3.2 The smart.card (aka nh.smart.card) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5798 | Nonghyup | Cryptographic Issues vulnerability in Nonghyup Smart Calculator 2.0 The smart.calculator (aka nh.smart.calculator) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5797 | Nonghyup | Cryptographic Issues vulnerability in Nonghyup Smart 3.0.5 The smart (aka nh.smart) application 3.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5796 | Passion4Profession | Cryptographic Issues vulnerability in Passion4Profession Chest Workout 2.0.8 The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5794 | Passion4Profession | Cryptographic Issues vulnerability in Passion4Profession 8 Minutes ABS Workout 2.0.9 The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5793 | Mobilecraft | Cryptographic Issues vulnerability in Mobilecraft Bilgi Yarisi 1.8 The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5792 | Drecom | Cryptographic Issues vulnerability in Drecom Reign of Dragons: Build-Battle 2.4.2 The Reign of Dragons: Build-Battle (aka net.gree.android.pf.greeapp57501) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5791 | Daumcorp | Cryptographic Issues vulnerability in Daumcorp Daum Cloud 1.6.18 The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5790 | Playscape | Cryptographic Issues vulnerability in Playscape Pets FUN House 1.0.1 The Pets Fun House (aka mominis.Generic_Android.Pets_Fun_House) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5789 | Playscape | Cryptographic Issues vulnerability in Playscape Ninja Chicken Ooga Booga 1.4.2 The Ninja Chicken Ooga Booga (aka mominis.Generic_Android.Ninja_Chicken_Ooga_Booga) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5788 | Playscape | Cryptographic Issues vulnerability in Playscape Ninja Chicken Adventure Island 1.1.1 The Ninja Chicken Adventure Island (aka mominis.Generic_Android.Ninja_Chicken_Adventure_Island) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5787 | Playscape | Cryptographic Issues vulnerability in Playscape Ninja Chicken 1.7.6 The Ninja Chicken (aka mominis.Generic_Android.Ninja_Chicken) application 1.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5786 | Playscape | Cryptographic Issues vulnerability in Playscape Jewels & Diamonds 1.1.0 The Jewels & Diamonds (aka mominis.Generic_Android.Jewels_and_Diamonds) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5785 | Playscape | Cryptographic Issues vulnerability in Playscape Bouncy Bill World-Cup 1.0.1 The Bouncy Bill World-Cup (aka mominis.Generic_Android.Bouncy_Bill_World_Cup) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5784 | Playscape | Cryptographic Issues vulnerability in Playscape Bouncy Bill Seasons 1.3.9 The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5783 | Playscape | Cryptographic Issues vulnerability in Playscape Bouncy Bill Monster Smasher ED 1.0.3 The Bouncy Bill Monster Smasher ed (aka mominis.Generic_Android.Bouncy_Bill_Monster_Smasher_Edition) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5782 | Playscape | Cryptographic Issues vulnerability in Playscape Bouncy Bill Holloween 1.0.3 The Bouncy Bill Halloween (aka mominis.Generic_Android.Bouncy_Bill_Halloween) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5781 | Playscape | Cryptographic Issues vulnerability in Playscape Bouncy Bill Easter Tales 1.0.4 The Bouncy Bill Easter Tales (aka mominis.Generic_Android.Bouncy_Bill_Easter_Tales) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5780 | Playscape | Cryptographic Issues vulnerability in Playscape Bouncy Bill 1.9.1 The Bouncy Bill (aka mominis.Generic_Android.Bouncy_Bill) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5779 | Jackdapp | Cryptographic Issues vulnerability in Jackdapp Jack'D - GAY Chat & Dating 1.9.0A The Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application 1.9.0a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5778 | POU | Cryptographic Issues vulnerability in POU 1.4.53 The Pou (aka me.pou.app) application 1.4.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5777 | Cocoppa | Cryptographic Issues vulnerability in Cocoppa Icon Wallpaper Dressup-Cocoppa 2.8.4 The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application 2.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5776 | Playmemoriesonline | Cryptographic Issues vulnerability in Playmemoriesonline Playmemories Online 4.2.0.05070 The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application 4.2.0.05070 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5775 | Sfbrowser | Cryptographic Issues vulnerability in Sfbrowser Super Fast Browser 2.0.5.6 The Super Fast Browser (aka iron.web.jalepano.browser) application 2.0.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5774 | WEB Browser Explorer Project | Cryptographic Issues vulnerability in web Browser & Explorer Project web Browser & Explorer 4.0 The Web Browser & Explorer (aka internetexplorer.browser.webexplorer) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5773 | Registeredassistant Project | Cryptographic Issues vulnerability in Registeredassistant Project Registeredassistant 0.2.3 The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5772 | Govhk | Cryptographic Issues vulnerability in Govhk Government Bookstore 1.01 The Government Bookstore (aka hksarg.isd.sop.govbookstore) application 1.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5771 | Cuoftexas | Cryptographic Issues vulnerability in Cuoftexas Credit Union of Texas Mobile 1.1 The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5770 | WEB Browser FOR Android Project | Cryptographic Issues vulnerability in web Browser FOR Android Project web Browser for Android 1.2 The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5769 | Mobiscope | Cryptographic Issues vulnerability in Mobiscope Local 1.05 The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5768 | Foodplannerapp | Cryptographic Issues vulnerability in Foodplannerapp Food Planner 4.8.4.3Google The Food Planner (aka dk.boggie.madplan.android) application 4.8.4.3-google for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5767 | Shape | Cryptographic Issues vulnerability in Shape Im+ 6.6.2 The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5766 | Mobileeventguide | Cryptographic Issues vulnerability in Mobileeventguide Uber B2B 1.9 The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5765 | Lotum | Cryptographic Issues vulnerability in Lotum Paint-For-Friends 1.5.1 The Paint for Friends (aka de.lotumlabs.buddypainting) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5764 | NQ | Cryptographic Issues vulnerability in NQ Antivirus Free 7.2.16.02 The Antivirus Free (aka com.zrgiu.antivirus) application 7.2.16.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5763 | Zoodles | Cryptographic Issues vulnerability in Zoodles KID Mode: Free Games + Lock 4.9.8 The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application 4.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5762 | Zeptolab | Cryptographic Issues vulnerability in Zeptolab CUT the Rope: Time Travel 1.3.4 The Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5761 | Zipcar | Cryptographic Issues vulnerability in Zipcar 3.4.2 The Zipcar (aka com.zc.android) application 3.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5760 | Pizzahut | Cryptographic Issues vulnerability in Pizzahut Pizza HUT 2.0.5 The Pizza Hut (aka com.yum.pizzahut) application 2.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5759 | Awesome Antivirus 2014 Project | Cryptographic Issues vulnerability in Awesome Antivirus 2014 Project Awesome Antivirus 2014 1 The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5758 | Yellowbook | Cryptographic Issues vulnerability in Yellowbook Yellow Pages Local Search 11.0.0 The Yellow Pages Local Search (aka com.yellowbook.android2) application 11.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5757 | Awesomeseating | Cryptographic Issues vulnerability in Awesomeseating BUY Tickets 2.3 The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5756 | 99Only | Cryptographic Issues vulnerability in 99Only BUY 99 Cents Only products 0.1 The Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5755 | Gunhillwireless | Cryptographic Issues vulnerability in Gunhillwireless Verizon 0.1 The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5754 | Verizon Instant Refills 24 7 Project | Cryptographic Issues vulnerability in Verizon Instant Refills 24/7 Project Verizon Instant Refills 24/7 0.1 The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5753 | Ggbu | Cryptographic Issues vulnerability in Ggbu Twitter NO Background 0.85.13509.97828 The Twitter No Background (aka com.wTwitternobackground) application 0.85.13509.97828 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5752 | Wtradersactivity Project | Cryptographic Issues vulnerability in Wtradersactivity Project Wtradersactivity 0.1 The wTradersActivity (aka com.wTradersActivity) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5751 | TOR Browser THE Short Guide Project | Cryptographic Issues vulnerability in TOR Browser the Short Guide Project TOR Browser the Short Guide 0.1 The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5750 | PRO BET Tips Project | Cryptographic Issues vulnerability in PRO BET Tips Project PRO BET Tips 0.2 The Pro Bet Tips (aka com.wProBetTips) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5749 | Wooga | Cryptographic Issues vulnerability in Wooga Jelly Splash 1.11.3 The Jelly Splash (aka com.wooga.jelly_splash) application 1.11.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5748 | Wk12Olslogin Project | Cryptographic Issues vulnerability in Wk12Olslogin Project Wk12Olslogin 0.1 The wK12olslogin (aka com.wK12olslogin) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5747 | Comcast | Cryptographic Issues vulnerability in Comcast Xfinity Constant Guard Mobile 3.1.140603 The XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) application 3.1.140603 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5746 | VKR Soft | Cryptographic Issues vulnerability in VKR Soft Government Best Jobs 0.1 The Government Best Jobs (aka com.wGovernmentBestJobs) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5745 | Free Pageplus Activation Project | Cryptographic Issues vulnerability in Free Pageplus Activation Project Free Pageplus Activation 0.1 The FREE Pageplus Activation (aka com.wFREEPageplusActivations) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5744 | Wegoi | Cryptographic Issues vulnerability in Wegoi Re-Volt 2 : Multiplayer 1.1.4 The RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) application 1.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5743 | Wegoi | Cryptographic Issues vulnerability in Wegoi Re-Volt 2 : Best RC 3D Racing 1.2.6 The RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5742 | Geteversnap | Cryptographic Issues vulnerability in Geteversnap Eversnap Private Photo Album 1.0.23 The Eversnap Private Photo Album (aka com.weddingsnap.android) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5741 | Webroot | Cryptographic Issues vulnerability in Webroot Security - Complete 3.6.0.6610 The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5740 | Webroot | Cryptographic Issues vulnerability in Webroot Security - Free 3.6.0.6610 The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5739 | Webprancer | Cryptographic Issues vulnerability in Webprancer Garfield'S Diner 1.4.0 The Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5738 | Webprancer | Cryptographic Issues vulnerability in Webprancer Garfield'S Defense 1.5.4 The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5737 | Cdsoft | Cryptographic Issues vulnerability in Cdsoft 0.2 The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5736 | Buycoins | Cryptographic Issues vulnerability in Buycoins BUY Coins 0.62.13364.24150 The Buy Coins (aka com.wBuyCoins) application 0.62.13364.24150 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5735 | Home Shopping Apps | Cryptographic Issues vulnerability in Home Shopping Apps BUY A Gift 13529.90084 The Buy A Gift (aka com.wBuyAGift) application 13529.90084 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5734 | APP Maker KS | Cryptographic Issues vulnerability in APP Maker KS BUY Books 0.1 The Buy Books (aka com.wBooksForSale) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5733 | Water Wish | Cryptographic Issues vulnerability in Water Wish Shop Love 1.05 The Shop Love (aka com.waterwish.shoplove) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5732 | Wamba | Cryptographic Issues vulnerability in Wamba Wamba-Meet Women and MEN 3.0 The Wamba - meet women and men (aka com.wamba.client) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5731 | Jiuzhangtech | Cryptographic Issues vulnerability in Jiuzhangtech Word Search 2.3.0 The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5730 | Videotelecom | Cryptographic Issues vulnerability in Videotelecom Russkoe TB HD 3.6 The russkoe TB HD (aka com.videotelecom.russkoeHD) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5729 | Viddy | Cryptographic Issues vulnerability in Viddy 1.3.9 The Viddy (aka com.viddy.Viddy) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5728 | Vevo | Cryptographic Issues vulnerability in Vevo Vevo-Watch HD Music Videos 2.0.27 The Vevo - Watch HD Music Videos (aka com.vevo) application 2.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5727 | Utorrent | Cryptographic Issues vulnerability in Utorrent Remote 1.0.20110929 The uTorrent Remote (aka com.utorrent.web) application 1.0.20110929 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5726 | Ssfcu | Cryptographic Issues vulnerability in Ssfcu Security Service Mybranch APP 7.88.00.145 The Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) application 7.88.00.145 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5725 | Truecaller | Cryptographic Issues vulnerability in Truecaller Truecaller-Caller ID & Block 4.32 The Truecaller - Caller ID & Block (aka com.truecaller) application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5724 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Gambling Insider Magazine @7F0801Aa The Gambling Insider Magazine (aka com.triactivemedia.gambling) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5723 | Trapster | Cryptographic Issues vulnerability in Trapster 4.3.2 The Trapster (aka com.trapster.android) application 4.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5722 | Swiftkey | Cryptographic Issues vulnerability in Swiftkey Keyboard + Emoji 5.0.2.4 The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5721 | Touchnote | Cryptographic Issues vulnerability in Touchnote Postcards 4.2.7 The Touchnote Postcards (aka com.touchnote.android) application 4.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5720 | Topfreegames | Cryptographic Issues vulnerability in Topfreegames Bike Race Free - TOP Free Game 4.3 The Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreeworld) application 4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5719 | Timuz | Cryptographic Issues vulnerability in Timuz Bike Racing 2014 1.6 The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5717 | Animoca | Cryptographic Issues vulnerability in Animoca Fashion Style 3.4.1 The Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5716 | Theonegames | Cryptographic Issues vulnerability in Theonegames Gunship Battle:Helicopter 3D 1.1.7 The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application 1.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5715 | Thegameboss | Cryptographic Issues vulnerability in Thegameboss Street Racing 4.0.4 The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5714 | GO Text | Cryptographic Issues vulnerability in Go-Text Text Me! Free Texting & Call 2.5.5 The Text Me! Free Texting & Call (aka com.textmeinc.textme) application 2.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5713 | Telly | Cryptographic Issues vulnerability in Telly Telly-Watch the Good Stuff 2.5.1 The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5712 | Tektite | Cryptographic Issues vulnerability in Tektite Turbo River Racing Free 1.07 The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5711 | Microsoft | Cryptographic Issues vulnerability in Microsoft Tech Companion 1.0.6 The Microsoft Tech Companion (aka com.technet) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5710 | Flane | Cryptographic Issues vulnerability in Flane Cisco Class Locator Fast Lane The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5709 | Sunstormgames | Cryptographic Issues vulnerability in Sunstormgames Donut Maker 1.27 The Donut Maker (aka com.sunstorm.android.donut) application 1.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5708 | Gameinfo | Cryptographic Issues vulnerability in Gameinfo Best Racing/Moto Games Ranking 2.2.7 The Best Racing/moto Games Ranking (aka com.subapp.android.racing) application 2.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5707 | Animoca | Cryptographic Issues vulnerability in Animoca Bunny RUN 1.1.2 The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5706 | Somcloud | Cryptographic Issues vulnerability in Somcloud Somnote - Journal/Memo 2.1.5 The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5705 | Sega | Cryptographic Issues vulnerability in Sega Sonic CD Lite 1.0.4 The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5704 | Dish | Cryptographic Issues vulnerability in Dish Anywhere 3.5.10 The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5703 | Slingo | Cryptographic Issues vulnerability in Slingo Lottery Challenge 1.0.34 The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5702 | Skyboardapps | Cryptographic Issues vulnerability in Skyboardapps Penguin RUN 1.1 The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5701 | Skout | Cryptographic Issues vulnerability in Skout Skout: Chats. Friends. Fun. 4.3.3 The Skout: Chats. | 5.4 |
| 2014-09-09 | CVE-2014-5700 | Sixdead | Cryptographic Issues vulnerability in Sixdead Brain LAB - Brain AGE Games IQ 2.37 The Brain lab - brain age games IQ (aka com.sixdead.brainlab) application 2.37 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5699 | Perblue | Cryptographic Issues vulnerability in Perblue Parallel Kingdom MMO @7F070019 The Parallel Kingdom MMO (aka com.silvermoon.client) application @7F070019 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5698 | Sheado | Cryptographic Issues vulnerability in Sheado Furdiburb 1.1.2 The Furdiburb (aka com.sheado.lite.pet) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5697 | Dressup | Cryptographic Issues vulnerability in Dressup Dress Up! Girl Party 2.0 The Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5696 | Sega | Cryptographic Issues vulnerability in Sega Sonic 4 Episode II Lite 2.3 The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5695 | Sanriodigital | Cryptographic Issues vulnerability in Sanriodigital Hello Kitty Cafe 1.4.0 The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5694 | Scoutmob | Cryptographic Issues vulnerability in Scoutmob Local Deals & Event 3.0.18 The Scoutmob local deals & events (aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5693 | Withbuddies | Cryptographic Issues vulnerability in Withbuddies Slots Vacation - Free Slots 1.47.2 The Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) application 1.47.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5692 | Safeway | Cryptographic Issues vulnerability in Safeway 4.1.0 The Safeway (aka com.safeway.client.android.safeway) application 4.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-6024 | Flurry | Cryptographic Issues vulnerability in Flurry Flurry-Analytics-Android 3.3.0/3.3.2/3.3.4 The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5691 | Rvappstudios | Cryptographic Issues vulnerability in Rvappstudios Best Phone Security 2.1 The Best Phone Security (aka com.rvappstudios.phonesecurity) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5690 | Runtastic | Cryptographic Issues vulnerability in Runtastic Timer 1.0.1 The Runtastic Timer (aka com.runtastic.android.timer) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5689 | Runtastic | Cryptographic Issues vulnerability in Runtastic Road Bike 2.0.1 The Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5688 | Runtastic | Cryptographic Issues vulnerability in Runtastic Pedometer 1.5 The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5687 | Runtastic | Cryptographic Issues vulnerability in Runtastic Mountain Bike 2.0.1 The Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.lite) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5686 | Runtastic | Cryptographic Issues vulnerability in Runtastic ME 1.0.2 The Runtastic Me (aka com.runtastic.android.me.lite) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5685 | Runtastic | Cryptographic Issues vulnerability in Runtastic Heart Rate 1.3 The Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5684 | Runtastic | Cryptographic Issues vulnerability in Runtastic Running & Fitness 5.1.2 The Runtastic Running & Fitness (aka com.runtastic.android) application 5.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5683 | Rubycell | Cryptographic Issues vulnerability in Rubycell Piano Teacher 20140730 The Piano Teacher (aka com.rubycell.pianisthd) application 20140730 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5682 | Retale | Cryptographic Issues vulnerability in Retale - Weekly ADS & Deals 2.1.3 The Retale - Weekly Ads & Deals (aka com.retale.android) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5681 | XDA Developers | Cryptographic Issues vulnerability in Xda-Developers 3.9.8 The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5680 | Tapatalk | Cryptographic Issues vulnerability in Tapatalk 4.8.0 The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5679 | Popuapp | Cryptographic Issues vulnerability in Popuapp Popu 2: GET Likes ON Instagram 1.7.5 The PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5678 | POP HUB | Cryptographic Issues vulnerability in Pop-Hub IQ Test 3.3 The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5677 | Pointinside | Cryptographic Issues vulnerability in Pointinside Point Inside Shopping & Travel 3.1.0 The Point Inside Shopping & Travel (aka com.pointinside.android.app) application 3.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5676 | Playrix | Cryptographic Issues vulnerability in Playrix Township 1.5.1 The Township (aka com.playrix.township) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5675 | Pinssible | Cryptographic Issues vulnerability in Pinssible Phonegram - Instagram Download 1.9.5 The Phonegram - Instagram Download (aka com.pinssible.padgram) application 1.9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5674 | Picsart | Cryptographic Issues vulnerability in Picsart - Photo Studio 4.5.5 The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5673 | NQ | Cryptographic Issues vulnerability in NQ Easy Finder & Anti-Theft 2.0.10.08 The Easy Finder & Anti-Theft (aka com.nqmobile.easyfinder) application 2.0.10.08 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5672 | NQ | Cryptographic Issues vulnerability in NQ Mobile Security & Antivirus 7.2.16.00 The NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) application 7.2.16.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5671 | Noodlecake | Cryptographic Issues vulnerability in Noodlecake Super Stickman Golf 2.2 The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5670 | Ninjakiwi | Cryptographic Issues vulnerability in Ninjakiwi Sas: Zombie Assault 3 2.56 The SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) application 2.56 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5669 | 9Gag | Cryptographic Issues vulnerability in 9Gag - Funny Pics and Videos 2.4.10 The 9GAG - Funny pics and videos (aka com.ninegag.android.app) application 2.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5668 | Band | Cryptographic Issues vulnerability in Band -Group Sharing & Planning 3.2.8 The BAND -Group sharing & planning (aka com.nhn.android.band) application 3.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5667 | NQ | Cryptographic Issues vulnerability in NQ Vault-Hide SMS Pics & Videos 5.0.14.22 The Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application 5.0.14.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5666 | AVD APP | Cryptographic Issues vulnerability in Avd-App AVD Download Video 3.3.13 The AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) application 3.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5664 | Mobilityware | Cryptographic Issues vulnerability in Mobilityware Spider Solitaire 3.0.0 The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5663 | Mobilityware | Cryptographic Issues vulnerability in Mobilityware Freecell Solitaire 2.1.2 The FreeCell Solitaire (aka com.mobilityware.freecell) application 2.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5662 | Miniclip | Cryptographic Issues vulnerability in Miniclip Rail Rush 1.9.0 The Rail Rush (aka com.miniclip.railrush) application 1.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5661 | Miniclip | Cryptographic Issues vulnerability in Miniclip Anger of Stick 3 1.0.3 The Anger of Stick 3 (aka com.miniclip.angerofstick3) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5660 | Mymembersfirst | Cryptographic Issues vulnerability in Mymembersfirst TN Members 1ST Fcu-Rdc 1.0.28 The TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5659 | Metago | Cryptographic Issues vulnerability in Metago Astro File Manager With Cloud Astro4.4.592 The ASTRO File Manager with Cloud (aka com.metago.astro) application ASTRO-4.4.592 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5658 | Mercadolibre | Cryptographic Issues vulnerability in Mercadolibre 3.8.7 The MercadoLibre (aka com.mercadolibre) application 3.8.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5657 | CA Lottery Results Project | Cryptographic Issues vulnerability in CA Lottery Results Project CA Lottery Results 2.1 The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5656 | Traauctions | Cryptographic Issues vulnerability in Traauctions TRA Auctions for Buyers 2.6 The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5655 | Cmcm | Cryptographic Issues vulnerability in Cmcm CM Browser - Fast & Secure 5.0.50 The CM Browser - Fast & Secure (aka com.ksmobile.cb) application 5.0.50 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5654 | Kaspersky | Cryptographic Issues vulnerability in Kaspersky Internet Security 11.4.4.232 The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5653 | Kiragames | Cryptographic Issues vulnerability in Kiragames Unblock ME Free 1.4.4.2 The Unblock Me FREE (aka com.kiragames.unblockmefree) application 1.4.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5652 | Kicksend | Cryptographic Issues vulnerability in Kicksend Photo Prints 1.0.7 The Kicksend Photo Prints (aka com.kicksend.android.print) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5651 | Kicksend | Cryptographic Issues vulnerability in Kicksend Kicksend: Share & Print Photos 3.3.2.18 The Kicksend: Share & Print Photos (aka com.kicksend.android) application 3.3.2.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5650 | Jiuzhangtech | Cryptographic Issues vulnerability in Jiuzhangtech Traffic JAM Free 1.7.7 The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5649 | Ilove | Cryptographic Issues vulnerability in Ilove - Free Dating & Chat APP 1.3.3 The iLove - Free Dating & Chat App (aka com.jestadigital.android.ilove) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5648 | Jaumo | Cryptographic Issues vulnerability in Jaumo Chat Flirt & Dating Heart Jaumo 2.7.5 The Chat, Flirt & Dating Heart JAUMO (aka com.jaumo) application 2.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5647 | Islonline | Cryptographic Issues vulnerability in Islonline ISL Light Remote Desktop 2.1.0 The ISL Light Remote Desktop (aka com.islonline.isllight.mobile.android) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5646 | Iobit | Cryptographic Issues vulnerability in Iobit AMC Security Antivirus Clean 4.4.1 The AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5645 | Intsig | Cryptographic Issues vulnerability in Intsig Camscanner -Phone PDF Creator 3.4.0.20140624 The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application 3.4.0.20140624 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5644 | Intellectualflame | Cryptographic Issues vulnerability in Intellectualflame Brightest LED Flashlight 1.2.4 The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5643 | Instachat | Cryptographic Issues vulnerability in Instachat -Instagram Messenger 1.6.2 The Instachat -Instagram Messenger (aka com.instachat.android) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5642 | Impi | Cryptographic Issues vulnerability in Impi Mobile Security 2.1.0 The IMPI Mobile Security (aka com.impi) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5641 | Cubettechnologies | Cryptographic Issues vulnerability in Cubettechnologies Cloud Manager 1.6 The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5640 | Cmcm | Cryptographic Issues vulnerability in Cmcm CM Backup Restore Cloud Photo 1.1.0.135 The CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) application 1.1.0.135 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5639 | ADT Taxis | Cryptographic Issues vulnerability in Adt-Taxis ADT Taxis 6.0 The ADT Taxis (aka com.icabbi.adttaxisApp) application 6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5638 | Huntington | Cryptographic Issues vulnerability in Huntington Mobile 2.1.222 The Huntington Mobile (aka com.huntington.m) application 2.1.222 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5637 | Jogoeusei | Cryptographic Issues vulnerability in Jogoeusei EU SEI Euseiandroid5.5 The Eu Sei (aka com.guilardi.eusei) application eusei_android_5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5636 | Granita | Cryptographic Issues vulnerability in Granita Cloud Browser 2.2.1 The Cloud Browser (aka com.granitamalta.cloudbrowser) application 2.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5635 | Createdineden | Cryptographic Issues vulnerability in Createdineden BUY Yorkshire Conference 1.4 The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5634 | Madipass | Cryptographic Issues vulnerability in Madipass Martinique 1.8 The Madipass Martinique (aka com.goodbarber.madipassmartinique) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5633 | Girlsgames123 | Cryptographic Issues vulnerability in Girlsgames123 Kiss Office 1.0 The Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5632 | Getsetgames | Cryptographic Issues vulnerability in Getsetgames Mega Jump @7F080002 The Mega Jump (aka com.getsetgames.megajump) application @7F080002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5631 | Casinogame | Cryptographic Issues vulnerability in Casinogame Video Poker Casino 1.0.5 The Video Poker Casino (aka com.geaxgame.videopoker) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5630 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Home Repair 3.7.9 The Home Repair (aka com.gcspublishing.houserepairtalk) application 3.7.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5629 | Gameresort | Cryptographic Issues vulnerability in Gameresort Stupid Zombies 1.12 The Stupid Zombies (aka com.gameresort.stupidzombies) application 1.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5628 | Gameloft | Cryptographic Issues vulnerability in Gameloft Wonder ZOO - Animal Rescue ! 1.6.1 The Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZRHM) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5627 | Gameloft | Cryptographic Issues vulnerability in Gameloft ICE AGE Village 2.8.0 The Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) application 2.8.0m for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5626 | Gameloft | Cryptographic Issues vulnerability in Gameloft Brothers in Arms 2 Free+ 1.2.0 The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application 1.2.0b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5625 | Gamegou | Cryptographic Issues vulnerability in Gamegou Perfect Kick 1.3.0 The Perfect Kick (aka com.gamegou.PerfectKick.google) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5624 | Fungames Forfree | Cryptographic Issues vulnerability in Fungames-Forfree Sniper Shooter Free - FUN Game 2.8 The Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershooter.free) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5623 | Penguinchefshop Project | Cryptographic Issues vulnerability in Penguinchefshop Project Penguinchefshop 1.0.1 The penguinchefshop (aka com.freegames.penguinchefshop) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5622 | Mobbtech | Cryptographic Issues vulnerability in Mobbtech Follow Mania for Instagram 1.2.1 The Follow Mania for Instagram (aka com.followmania) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5621 | Fluik | Cryptographic Issues vulnerability in Fluik Office Zombie 1.3.13 The Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application 1.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5620 | Fluik | Cryptographic Issues vulnerability in Fluik Office Jerk Free 1.7.13 The Office Jerk Free (aka com.fluik.OfficeJerkFree) application 1.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5618 | Fingersoft | Cryptographic Issues vulnerability in Fingersoft Cartoon Camera 1.2.2 The Cartoon Camera (aka com.fingersoft.cartooncamera) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5617 | Exsoul Browser | Cryptographic Issues vulnerability in Exsoul-Browser Exsoul web Browser 3.3.3 The Exsoul Web Browser (aka com.exsoul) application 3.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5616 | Litter Penguin | Cryptographic Issues vulnerability in Litter Penguin web Browser & Explorer 2.0.7 The Web Browser & Explorer (aka com.explore.web.browser) application 2.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5615 | Snapone | Cryptographic Issues vulnerability in Snapone Snap Secure 9.5 The Snap Secure (aka com.exclaim.snapsecure.app) application 9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5614 | Etoolkit | Cryptographic Issues vulnerability in Etoolkit Love Collage - Photo Editor 1.3 The Love Collage - Photo Editor (aka com.etoolkit.lovecollage) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5613 | Entertailion | Cryptographic Issues vulnerability in Entertailion Able Remote 2.3.6 The Able Remote (aka com.entertailion.android.remote) application 2.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5612 | Gmarket | Cryptographic Issues vulnerability in Gmarket 5.1.3 The Gmarket (aka com.ebay.kr.gmarket) application 5.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5611 | Ebay Kleinanzeigen | Cryptographic Issues vulnerability in Ebay-Kleinanzeigen Ebay Kleinanzeigen for Germany 5.0.2 The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application 5.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5610 | AL 3Azmi | Cryptographic Issues vulnerability in AL 3Azmi Ce4Arab Market 0.12.13093.40460 The ce4arab market (aka com.dreamstep.wce4arabmarket) application 0.12.13093.40460 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5609 | Djinnworks | Cryptographic Issues vulnerability in Djinnworks Stickman SKI Racer 2.1 The Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5608 | Djinnworks | Cryptographic Issues vulnerability in Djinnworks Line Runner (Free) 4.0 The Line Runner (Free) (aka com.djinnworks.linerunnerfree) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5607 | Disney | The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5606 | Disney | The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5605 | Digimobistudio | Cryptographic Issues vulnerability in Digimobistudio QQ Copy 1.0 The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5604 | Elokence | Cryptographic Issues vulnerability in Elokence Akinator the Genie Free 2.46 The Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application 2.46 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5603 | Deskroll | Cryptographic Issues vulnerability in Deskroll Remote Desktop 0.6 The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5602 | Magzter | Cryptographic Issues vulnerability in Magzter -Magazine & Book Store 3.31 The Magzter -Magazine & Book Store (aka com.dci.magzter) application 3.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5601 | 1800Contacts | Cryptographic Issues vulnerability in 1800Contacts APP 2.7.0 The 1800CONTACTS App (aka com.contacts1800.ecomapp) application 2.7.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5600 | Familyconnect Project | Cryptographic Issues vulnerability in Familyconnect Project Familyconnect 1.5.0 The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5599 | Withhive | Cryptographic Issues vulnerability in Withhive Tiny Farm 2.02.00 The Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.android.common) application 2.02.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5598 | Withhive | Cryptographic Issues vulnerability in Withhive Puzzle Family 1.2.0 The Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.global.android.common) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5597 | Withhive | Cryptographic Issues vulnerability in Withhive 9 Innings: 2014 PRO Baseball 4.0.3 The 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freefull.google.global.android.common) application 4.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5596 | Withhive | Cryptographic Issues vulnerability in Withhive Homerun Battle 2 1.2.2.0 The Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.google.global.android.common) application 1.2.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5595 | Withhive | Cryptographic Issues vulnerability in Withhive Actionpuzzlefamily for Kakao 1.4.3 The actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.kakao.freefull.google.global.android.common) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5594 | Cibc | Cryptographic Issues vulnerability in Cibc Mobile Banking 3.2 The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5593 | Christiancafe | Cryptographic Issues vulnerability in Christiancafe Christian Dating Cafe 1.0.3 The Christian Dating Cafe (aka com.christiancafe.mobile.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5592 | Choiceoflove | Cryptographic Issues vulnerability in Choiceoflove Free Dating Heart COL 2.6.1 The Free Dating Heart COL (aka com.choiceoflove.dating) application 2.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5591 | Franklychat | Cryptographic Issues vulnerability in Franklychat Frankly Chat 3.0.1 The Frankly Chat (aka com.chatfrankly.android) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5590 | Snake Evolution Project | Cryptographic Issues vulnerability in Snake Evolution Project Snake Evolution 1.3.1 The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5589 | Nowbrowser | Cryptographic Issues vulnerability in Nowbrowser NOW Browser (Material) 2.8.1 The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application Material for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5588 | Free Ebooks Project | Cryptographic Issues vulnerability in Free Ebooks Project Free Ebooks 14.0 The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5587 | Brokenscreencrank Project | Cryptographic Issues vulnerability in Brokenscreencrank Project Brokenscreencrank 1.1 The brokenscreencrank (aka com.biggame.brokenscreencrank) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5586 | Biat | Cryptographic Issues vulnerability in Biat Biatnet 1.1 The BIATNET (aka com.biatnet.mobile) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5585 | Bepopapp | Cryptographic Issues vulnerability in Bepopapp Like4Like:Get Instagram Likes 2.1.5 The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5584 | Beenverified | Cryptographic Issues vulnerability in Beenverified Background Check Beenverified 4.01.67 The Background Check BeenVerified (aka com.beenverified.android) application 4.01.67 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5583 | Blackbeltstudio | Cryptographic Issues vulnerability in Blackbeltstudio Most Popular Ringtones 32 The Most Popular Ringtones (aka com.bbs.mostpopularringtones) application 32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5582 | Makingmoneywithandroid | Cryptographic Issues vulnerability in Makingmoneywithandroid Ingress Intel Helper 1.2 The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5581 | Mirror Photo Shape Project | Cryptographic Issues vulnerability in Mirror Photo & Shape Project Mirror Photo & Shape 1.4 The mirror photo shape (aka com.baiwang.styleinstamirror) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5580 | Backgroundcheckprotool | Cryptographic Issues vulnerability in Backgroundcheckprotool 3.5 The BackgroundCheckProTool (aka com.BackgroundCheckProTool) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5579 | Anywherepad | Cryptographic Issues vulnerability in Anywherepad Anywhere Pad-Meet Collaborate 4.0.1031 The Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) application 4.0.1031 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5578 | Trading 212 | Cryptographic Issues vulnerability in Trading 212 Trading 212 Forex The Trading 212 FOREX (aka com.avuscapital.trading212) application before 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5577 | Beautyntherep | Cryptographic Issues vulnerability in Beautyntherep Avon Buy&Sell 0.3 The AVON Buy & Sell (aka com.AVONBeautyntheRep) application 0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5576 | Avira | Cryptographic Issues vulnerability in Avira Secure Backup 1.2.3 The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5574 | ASK FM | Cryptographic Issues vulnerability in Ask.Fm Ask.Fm-Social Q&A Network 1.2.4 The Ask.fm - Social Q&A Network (aka com.askfm) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5573 | Appstros | Cryptographic Issues vulnerability in Appstros - Free Gift Cards! 1.1.3 The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5572 | Jazzpodiumdetor | Cryptographic Issues vulnerability in Jazzpodiumdetor Jazzpodium DE TOR 206160 The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5571 | Appeak | Cryptographic Issues vulnerability in Appeak Poker 2.4.5 The Appeak Poker (aka com.appeak.poker) application 2.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5570 | AOL | Cryptographic Issues vulnerability in AOL Dailyfinance - Stocks & News 2.0.2.1 The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5569 | Animoca | Cryptographic Issues vulnerability in Animoca Star Girl 3.4.1 The Star Girl (aka com.animoca.google.starGirl) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5568 | Androkera | Cryptographic Issues vulnerability in Androkera LAS Vegas Lottery Scratch OFF 1.2 The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5567 | Hasb E Haal Project | Cryptographic Issues vulnerability in Hasb E Haal Project Hasb E Haal 1.0.9 The hasb_e_haal (aka com.anawaz.hasb_e_haal) application 1.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5566 | Americostech | Cryptographic Issues vulnerability in Americostech Selfshot Front Flash Camera 1.1 The Selfshot - Front Flash Camera (aka com.americos.selfshot) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5565 | Gadgettrak | Cryptographic Issues vulnerability in Gadgettrak Mobile Security 1.6 The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5564 | Aceviral | Cryptographic Issues vulnerability in Aceviral Angry Gran Toss 1.1.1 The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5563 | Show DO Milhao 2014 Project | Cryptographic Issues vulnerability in Show DO Milhao 2014 Project Show DO Milhao 2014 1.4.6 The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5562 | Coles Credit Cards | Cryptographic Issues vulnerability in Coles Credit Cards Coles Credit Card APP 1.0.0 The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5561 | Devarai | Cryptographic Issues vulnerability in Devarai Word Search Free 4.9 The Word Search Free (aka air.wordSearchFree) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5560 | Mdickie | Cryptographic Issues vulnerability in Mdickie Popscene 1.04 The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5559 | Josiane Sauveterre | Cryptographic Issues vulnerability in Josiane Sauveterre Goldfish Care 1.0.3 The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5558 | Mdickie | Cryptographic Issues vulnerability in Mdickie Hard Time 1.111 The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5557 | Commerce | Cryptographic Issues vulnerability in Commerce America'S Economy for Phone 1.5.2 The America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5556 | Flyfishing AND Flytying | Cryptographic Issues vulnerability in Flyfishing-And-Flytying FLY Fishing & FLY Tying 3.21.0 The Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application 3.21.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5555 | Ilearnwith | Cryptographic Issues vulnerability in Ilearnwith Counting & Addition Kids Games 1.8.1 The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5554 | Ilearnwith | Cryptographic Issues vulnerability in Ilearnwith FUN Preschool Creativity Game 1.6.2 The Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5553 | Ilearnwith | Cryptographic Issues vulnerability in Ilearnwith Kids Preschool Learning Games 1.3.2 The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5552 | Ilearnwith | Cryptographic Issues vulnerability in Ilearnwith Numbers & Addition! Math Games 1.4.3 The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5551 | Ilearnwith | Cryptographic Issues vulnerability in Ilearnwith Alphabet & Spelling Kids Games 1.4.2 The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5550 | Ilearnwith | Cryptographic Issues vulnerability in Ilearnwith Animals! Kids Preschool Games 1.6.1 The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5549 | Starluxstudios | Cryptographic Issues vulnerability in Starluxstudios Puppy Slots 3.0 The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5548 | Seven Bulls | Cryptographic Issues vulnerability in Seven Bulls Christmas Words 1.0.1 The Christmas Words (aka air.com.sevenBulls.summerWords) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5547 | Permadi | Cryptographic Issues vulnerability in Permadi Mahjong Galaxy Space Lite 2.5 The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5546 | Little Games | Cryptographic Issues vulnerability in Little Games Africa Memory 1.0.1 The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5545 | Torrnad0 | Cryptographic Issues vulnerability in Torrnad0 Sprint Jump 1.0 The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5544 | Freshplanet | Cryptographic Issues vulnerability in Freshplanet Songpop 1.21.2 The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5543 | Differencegames | Cryptographic Issues vulnerability in Differencegames Hidden Object - Alice Free 1.0.17 The Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application 1.0.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5542 | Tamalaki | Cryptographic Issues vulnerability in Tamalaki Hidden Object Mystery 1.0.65 The Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application 1.0.65 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5541 | Differencegames | Cryptographic Issues vulnerability in Differencegames Hidden Memory - Aladdin Free! 1.0.31 The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application 1.0.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5540 | Flickatrade | Cryptographic Issues vulnerability in Flickatrade Flick A Trade 3.3 The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5539 | Amiscu | Cryptographic Issues vulnerability in Amiscu Michael Baker Federal Credit Union 1.2.0 The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5538 | Amiscu | Cryptographic Issues vulnerability in Amiscu Westmoreland Water FCU 1.2.0 The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5537 | Chewysoftware | Cryptographic Issues vulnerability in Chewysoftware Abduction Stacker Free 1.0.7 The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5536 | Bashgaming | Cryptographic Issues vulnerability in Bashgaming Bingo Bash Free Bingo Casino 1.31.1 The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5535 | Girlgame | Cryptographic Issues vulnerability in Girlgame Baby GET UP - Kids Care 1.0.3 The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5534 | Appministry | Cryptographic Issues vulnerability in Appministry Princess Shopping 2 The Princess Shopping (aka air.android.PrincessShopping) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5532 | Adidas | Cryptographic Issues vulnerability in Adidas Honolulu 2 The Honolulu (aka adidas.jp.android.running.honolulu) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5531 | Goabode | Cryptographic Issues vulnerability in Goabode Abode 1.7 The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5529 | Gameloft | Cryptographic Issues vulnerability in Gameloft Library The Gameloft library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5528 | Appsflyer | Cryptographic Issues vulnerability in Appsflyer The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5527 | Tapjoy | Cryptographic Issues vulnerability in Tapjoy Library The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5526 | Inmobi | Cryptographic Issues vulnerability in Inmobi The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5525 | Playscape | Cryptographic Issues vulnerability in Playscape Mominis Library The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-09 | CVE-2014-5524 | Adcolony | Cryptographic Issues vulnerability in Adcolony Library The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2014-09-12 | CVE-2014-2009 | Mpay24 Project | Information Exposure vulnerability in Mpay24 Project Mpay24 The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. | 5.0 |
| 2014-09-12 | CVE-2014-3092 | IBM | Information Exposure vulnerability in IBM products IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
| 2014-09-11 | CVE-2014-3985 | Miniupnp Project Linux Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read. | 5.0 |
| 2014-09-11 | CVE-2014-3609 | Squid Cache | Improper Input Validation vulnerability in Squid-Cache Squid HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | 5.0 |
| 2014-09-10 | CVE-2014-4788 | IBM | Credentials Management vulnerability in IBM Initiate Master Data Service IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | 5.0 |
| 2014-09-10 | CVE-2014-3348 | Cisco | Improper Input Validation vulnerability in Cisco products The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206. | 5.0 |
| 2014-09-10 | CVE-2014-0909 | IBM | Information Exposure vulnerability in IBM Rational License KEY Server 8.1.4/8.1.4.2/8.1.4.3 The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
| 2014-09-10 | CVE-2014-4072 | Microsoft | Resource Management Errors vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability." | 5.0 |
| 2014-09-10 | CVE-2014-4071 | Microsoft | Remote Denial of Service vulnerability in Microsoft Lync Server 2013 The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability." <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a> | 5.0 |
| 2014-09-10 | CVE-2014-4068 | Microsoft | Improper Input Validation vulnerability in Microsoft Lync Server 2010/2013 The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability." | 5.0 |
| 2014-09-10 | CVE-2014-4786 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Initiate Master Data Service IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue. | 4.9 |
| 2014-09-12 | CVE-2014-5441 | Fatfreecrm | Cross-Site Scripting vulnerability in Fatfreecrm FAT Free CRM Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action. | 4.3 |
| 2014-09-12 | CVE-2014-5259 | Blackcat CMS | Cross-Site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.0/1.0.1/1.0.2 Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
| 2014-09-12 | CVE-2014-4735 | Mywebsql | Cross-Site Scripting vulnerability in Mywebsql Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php. | 4.3 |
| 2014-09-12 | CVE-2012-1556 | Synology | Cross-Site Scripting vulnerability in Synology Diskstation Manager and Synology Photo Station Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php. | 4.3 |
| 2014-09-11 | CVE-2014-5391 | SOS | Cross-Site Scripting vulnerability in SOS Jobscheduler Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash). | 4.3 |
| 2014-09-11 | CVE-2014-5129 | Avolvesoftware | Cross-Site Scripting vulnerability in Avolvesoftware Projectdox 8.1 Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-09-11 | CVE-2014-6240 | Google Sitemap Project | Cross-Site Scripting vulnerability in Google Sitemap Project Google Sitemap 0.4.3 Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-09-11 | CVE-2014-6238 | Akronymmanager Project | Cross-Site Scripting vulnerability in Akronymmanager Project Akronymmanager Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-09-11 | CVE-2014-6234 | Open Graph Protocol Project | Cross-Site Scripting vulnerability in Open Graph Protocol Project Open Graph Protocol 1.0.1 Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2014-09-11 | CVE-2014-6070 | Adiscon | Cross-Site Scripting vulnerability in Adiscon Loganalyzer Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php. | 4.3 |
| 2014-09-11 | CVE-2012-0984 | Xoops | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php. | 4.3 |
| 2014-09-11 | CVE-2011-4887 | Imperva | Cross-Site Scripting vulnerability in Imperva Securesphere web Application Firewall 9.0 Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | 4.3 |
| 2014-09-10 | CVE-2014-4784 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Initiate Master Data Service IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue. | 4.3 |
| 2014-09-10 | CVE-2014-3343 | Cisco | Improper Input Validation vulnerability in Cisco IOS XR 5.1.0 Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052. | 4.3 |
| 2014-09-10 | CVE-2014-4070 | Microsoft | Cross-Site Scripting vulnerability in Microsoft Lync Server 2013 Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability." | 4.3 |
| 2014-09-08 | CVE-2014-5464 | Ntop | Cross-Site Scripting vulnerability in Ntop Ntopng 1.1/1.2.0 Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. | 4.3 |
| 2014-09-08 | CVE-2014-5369 | Enigmail | Cryptographic Issues vulnerability in Enigmail 1.7/1.7.2 Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. | 4.3 |
| 2014-09-12 | CVE-2014-4792 | IBM | Resource Management Errors vulnerability in IBM Websphere Portal IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files. | 4.0 |
| 2014-09-12 | CVE-2014-3342 | Cisco | Information Disclosure vulnerability in Cisco IOS XR Software Command Line Interface (CLI) The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383. | 4.0 |
| 2014-09-11 | CVE-2014-5393 | SOS | Path Traversal vulnerability in SOS Jobscheduler Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors. | 4.0 |
| 2014-09-11 | CVE-2014-6232 | Ldap Project | Information Disclosure vulnerability in Ldap Project Ldap 2.8.17 Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors. | 4.0 |
| 2014-09-10 | CVE-2014-6074 | IBM | Cryptographic Issues vulnerability in IBM Urbancode Deploy 6.1.0.2 IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page. | 4.0 |
9 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2014-09-12 | CVE-2014-4762 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Portal Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
| 2014-09-12 | CVE-2014-3363 | Cisco | Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 9.1(2.10000.28) Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443. | 3.5 |
| 2014-09-11 | CVE-2014-3740 | Spiceworks | Cross-Site Scripting vulnerability in Spiceworks 7.2.00174/7.2.00189 Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page. | 3.5 |
| 2014-09-11 | CVE-2014-6237 | News Pack Project | Cross-Site Scripting vulnerability in News Pack Project News Pack 0.1.0 Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-09-10 | CVE-2014-5313 | Sixapart | Cross-Site Scripting vulnerability in Sixapart Movabletype Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-09-10 | CVE-2014-4787 | IBM | Cross-Site Scripting vulnerability in IBM Initiate Master Data Service Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2014-09-10 | CVE-2014-4756 | IBM | Unspecified vulnerability in IBM Rational License KEY Server 8.1.4/8.1.4.2/8.1.4.3 The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors. | 3.5 |
| 2014-09-10 | CVE-2014-4864 | Netgear | Credentials Management vulnerability in Netgear Prosafe Firmware The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file. | 3.3 |
| 2014-09-10 | CVE-2014-3079 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Rational License KEY Server 8.1.4/8.1.4.2/8.1.4.3 The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query. | 2.1 |