Weekly Vulnerabilities Reports > September 8 to 14, 2014

Overview

477 new vulnerabilities reported during this period, including 48 critical vulnerabilities and 17 high severity vulnerabilities. This weekly summary report vulnerabilities in 448 products from 346 vendors including Microsoft, IBM, Google, Linux, and Playscape. Vulnerabilities are notably categorized as "Cryptographic Issues", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Permissions, Privileges, and Access Controls", and "SQL Injection".

  • 117 reported vulnerabilities are remotely exploitables.
  • 13 reported vulnerabilities have public exploit available.
  • 28 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 458 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 54 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 47 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

48 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-11 CVE-2014-2624 HP Unspecified vulnerability in HP Network Node Manager I 9.0/9.10/9.20

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.

10.0
2014-09-10 CVE-2014-0554 Adobe
Google
Apple
Microsoft
Linux
Security Bypass vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to bypass intended access restrictions via unspecified vectors.

10.0
2014-09-10 CVE-2014-0559 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0556.

10.0
2014-09-10 CVE-2014-0557 Adobe
Linux
Apple
Microsoft
Google
Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

10.0
2014-09-10 CVE-2014-0556 Adobe
Apple
Microsoft
Linux
Google
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0559.

10.0
2014-09-10 CVE-2014-0555 Adobe
Apple
Microsoft
Linux
Google
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0552.

10.0
2014-09-10 CVE-2014-0553 Adobe
Opensuse
Suse
Apple
Microsoft
Google
Linux
Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allows attackers to execute arbitrary code via unspecified vectors.

10.0
2014-09-10 CVE-2014-0552 Adobe
Apple
Microsoft
Linux
Google
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, and CVE-2014-0555.

10.0
2014-09-10 CVE-2014-0551 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and CVE-2014-0555.

10.0
2014-09-10 CVE-2014-0550 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555.

10.0
2014-09-10 CVE-2014-0549 Adobe
Apple
Microsoft
Google
Linux
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555.

10.0
2014-09-10 CVE-2014-0547 Adobe
Apple
Microsoft
Linux
Google
Buffer Errors vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0549, CVE-2014-0550, CVE-2014-0551, CVE-2014-0552, and CVE-2014-0555.

10.0
2014-09-10 CVE-2014-4111 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4110.

9.3
2014-09-10 CVE-2014-4110 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4109 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4108 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4107 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4106 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4105 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4104 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4103 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4102 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4091.

9.3
2014-09-10 CVE-2014-4101 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4096.

9.3
2014-09-10 CVE-2014-4100 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4099 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11/9

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-09-10 CVE-2014-4098 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4092.

9.3
2014-09-10 CVE-2014-4097 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4096 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4095, and CVE-2014-4101.

9.3
2014-09-10 CVE-2014-4095 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4087, CVE-2014-4096, and CVE-2014-4101.

9.3
2014-09-10 CVE-2014-4094 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4093 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4084.

9.3
2014-09-10 CVE-2014-4092 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4098.

9.3
2014-09-10 CVE-2014-4091 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4089, and CVE-2014-4102.

9.3
2014-09-10 CVE-2014-4090 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4089 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4080, CVE-2014-4091, and CVE-2014-4102.

9.3
2014-09-10 CVE-2014-4088 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4087 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 11

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4095, CVE-2014-4096, and CVE-2014-4101.

9.3
2014-09-10 CVE-2014-4086 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 6/7/8

Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-09-10 CVE-2014-4085 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4084 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4093.

9.3
2014-09-10 CVE-2014-4083 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4082 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

9.3
2014-09-10 CVE-2014-4081 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4080 Microsoft Buffer Errors vulnerability in Microsoft Internet Explorer 10/11

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102.

9.3
2014-09-10 CVE-2014-4079 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4065 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-4059 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3
2014-09-10 CVE-2014-2799 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer

Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4104, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014-4108, CVE-2014-4109, CVE-2014-4110, and CVE-2014-4111.

9.3

17 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-12 CVE-2014-3362 Cisco Resource Management Errors vulnerability in Cisco products

Memory leak in Cisco TelePresence System Edge MXP Series Software F9.3.3 and earlier allows remote attackers to cause a denial of service (management outage) via multiple TELNET connections, aka Bug ID CSCuo63677.

7.8
2014-09-12 CVE-2014-5440 Mpexsolutions SQL Injection vulnerability in Mpexsolutions Mx-Smartimer

SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.

7.5
2014-09-12 CVE-2014-2008 Mpay24 Project SQL Injection vulnerability in Mpay24 Project Mpay24

SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.

7.5
2014-09-12 CVE-2014-4811 IBM Credentials Management vulnerability in IBM products

IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume Controller 6.x and 7.x before 7.2.0.8 allow remote attackers to reset the administrator superuser password to its default value via a direct request to the administrative IP address.

7.5
2014-09-11 CVE-2014-6241 WT Directory Project SQL Injection vulnerability in WT Directory Project WT Directory

SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-09-11 CVE-2014-6239 Address Visualization With Google Maps Project SQL Injection vulnerability in Address Visualization With Google Maps Project Address Visualization With Google Maps

SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-09-11 CVE-2014-6236 Lumonet PHP Include Project Arbitrary Code Execution vulnerability in Lumonet PHP Include Project Lumonet PHP Include 1.2.0

Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.

7.5
2014-09-11 CVE-2014-6235 Kennziffer Remote Code Execution vulnerability in Kennziffer KE Dompdf 0.0.3

Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2014-09-11 CVE-2014-6233 Flat Manager Project SQL Injection vulnerability in Flat Manager Project Flat Manager 2.7.9

SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2014-09-11 CVE-2014-6231 CWT Frontend Edit Project Remote Code Execution vulnerability in CWT Frontend Edit Project CWT Frontend Edit 1.2.4

Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) extension before 1.2.5 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors.

7.5
2014-09-11 CVE-2014-5519 Phpwiki Project Code Injection vulnerability in PHPwiki Project PHPwiki 1.5.0

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp.

7.5
2014-09-11 CVE-2014-2223 Plogger Code Injection vulnerability in Plogger 1.0

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.

7.5
2014-09-10 CVE-2014-3179 Google Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2014-09-10 CVE-2014-3178 Google Use After Free Remote Code Execution vulnerability in Google Chrome

Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies.

7.5
2014-09-10 CVE-2014-0548 Adobe
Google
Apple
Microsoft
Linux
Permissions, Privileges, and Access Controls vulnerability in Adobe Air, Adobe AIR SDK and Flash Player

Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

7.5
2014-09-08 CVE-2014-3618 Procmail
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, related to "unbalanced quotes."

7.5
2014-09-10 CVE-2014-4074 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft products

The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability."

7.2

403 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-12 CVE-2014-6270 Squid Cache
Oracle
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Off-by-one error in the snmpHandleUdp function in snmp_core.cc in Squid 2.x and 3.x, when an SNMP port is configured, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted UDP SNMP request, which triggers a heap-based buffer overflow.

6.8
2014-09-12 CVE-2013-4444 Apache Code Injection vulnerability in Apache Tomcat

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.

6.8
2014-09-10 CVE-2014-4865 Cacheguard Cross-Site Request Forgery (CSRF) vulnerability in Cacheguard Cacheguardos 5.7.7

Cross-site request forgery (CSRF) vulnerability in gui/password-wadmin.apl in CacheGuard OS 5.7.7 allows remote attackers to hijack the authentication of arbitrary users.

6.8
2014-09-10 CVE-2014-4789 IBM Session Fixation vulnerability in IBM Initiate Master Data Service

Session fixation vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2014-09-10 CVE-2014-4783 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Initiate Master Data Service

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2014-09-08 CVE-2014-0152 Ovirt
Redhat
Session Fixation vulnerability in oVirt

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

6.8
2014-09-11 CVE-2014-6043 Zohocorp Permissions, Privileges, and Access Controls vulnerability in Zohocorp Manageengine Eventlog Analyzer 8.2/9.0

ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do.

6.5
2014-09-11 CVE-2014-5460 Tribulant Improper Input Validation vulnerability in Tribulant Tibulant Slideshow Gallery

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.

6.5
2014-09-11 CVE-2012-4240 Group Office SQL Injection vulnerability in Group-Office Groupoffice

SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.

6.5
2014-09-10 CVE-2014-4785 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Initiate Master Data Service

Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.0
2014-09-10 CVE-2014-3037 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM products

Cross-site request forgery (CSRF) vulnerability in IBM Configuration Management Application (aka VVC) in IBM Rational Engineering Lifecycle Manager before 4.0.7 and 5.x before 5.0.1, Rational Software Architect Design Manager before 4.0.7 and 5.x before 5.0.1, and Rational Rhapsody Design Manager before 4.0.7 and 5.x before 5.0.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.0
2014-09-12 CVE-2014-5888 Bibleslots Cryptographic Issues vulnerability in Bibleslots Slots:Bible Slots Free 1.122

The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application 1.122 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-12 CVE-2014-5887 Yell Cryptographic Issues vulnerability in Yell Local Search 4.2.1.4

The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-12 CVE-2014-5886 Ceskatelevize Cryptographic Issues vulnerability in Ceskatelevize Ivysilani Ceske Televize 1.6

The iVysilani ceske televize (aka cz.motion.ivysilani) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-12 CVE-2014-5885 PDC Cryptographic Issues vulnerability in PDC Disaster Alert 3.2

The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-12 CVE-2014-5884 1Und1 Cryptographic Issues vulnerability in 1Und1 1&1 Online Storage 5.0.11

The 1&1 Online Storage (aka de.einsundeins.smartdrive) application 5.0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-12 CVE-2014-5883 7 Eleven Cryptographic Issues vulnerability in 7-Eleven 2.08.000

The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5882 Applica Cryptographic Issues vulnerability in Applica Homoo Ijiri 3.7

The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5881 Yahoo Cryptographic Issues vulnerability in Yahoo Ybox 1.5.1

The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5879 Tvguide Project Cryptographic Issues vulnerability in Tvguide Project Tvguide 1.9.14

The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5878 I UM Cryptographic Issues vulnerability in I-Um IUM 3.3.4

The ium (aka net.ium.mobile.android) application 3.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5877 Mini Group Cryptographic Issues vulnerability in Mini Group TV Guide 5.4.3

The TV Guide (aka net.micene.minigroup.palimpsests.lite) application 5.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5876 Westerndigital Cryptographic Issues vulnerability in Westerndigital WD MY Cloud 4.0.0

The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5875 Sylpheo Cryptographic Issues vulnerability in Sylpheo Sylphone 5.3.8

The Sylphone (aka com.sylpheo.prospectosyl) application 5.3.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5874 Splashid Cryptographic Issues vulnerability in Splashid 7.2.2

The SplashID (aka com.splashidandroid) application 7.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5873 Sears Cryptographic Issues vulnerability in Sears 6.2.8

The Sears (aka com.sears.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5872 Safenet INC Cryptographic Issues vulnerability in Safenet-Inc Safenetmobile Pass 8.3.7.11

The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5871 Piwik Cryptographic Issues vulnerability in Piwik Mobile 2 2.0.1

The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5870 Kmart Cryptographic Issues vulnerability in Kmart 6.2.8

The Kmart (aka com.kmart.android) application 6.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5869 CNN Cryptographic Issues vulnerability in CNN Cnnmoney Portfolio 1.03

The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5868 Cisco Cryptographic Issues vulnerability in Cisco Technical Support 3.7.1

The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5867 Sparkpay Cryptographic Issues vulnerability in Sparkpay Capital ONE Spark 0.9.81

The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5866 DMV CA GOV Cryptographic Issues vulnerability in Dmv.Ca.Gov CA DMV 2.0

The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5865 ASK Cryptographic Issues vulnerability in ASK Ask.Com 2.2.5

The Ask.com (aka com.ask.android) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5864 Getswish Cryptographic Issues vulnerability in Getswish Swish Payments 2.0

The Swish payments (aka se.bankgirot.swish) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-11 CVE-2014-5863 Netmarble Cryptographic Issues vulnerability in Netmarble Mpang.Gp 4.0.0

The mpang.gp (aka air.com.cjenm.mpang.gp) application 4.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-10 CVE-2014-0351 Fortinet Cryptographic Issues vulnerability in Fortinet Fortios

The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-middle attackers to obtain sensitive information or interfere with communications by modifying the client-server data stream.

5.4
2014-09-10 CVE-2014-5862 Zhwnl Cryptographic Issues vulnerability in Zhwnl Ecalendar2 4.5.3

The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-10 CVE-2014-5861 Skout Cryptographic Issues vulnerability in Skout Boyahoy - GAY Chat 4.3.6

The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-10 CVE-2014-5860 Aximediasoft Cryptographic Issues vulnerability in Aximediasoft Slide Show Creator 4.4.3

The Slide Show Creator (aka com.amem) application 4.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-10 CVE-2014-5859 Animoca Cryptographic Issues vulnerability in Animoca Star Girl: Colors of Spring 3.4.1

The Star Girl: Colors of Spring (aka com.animoca.google.starGirlSpring) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-10 CVE-2014-5858 Candy Blast Project Cryptographic Issues vulnerability in Candy Blast Project Candy Blast 1.1.001

The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-10 CVE-2014-5857 Avantar Cryptographic Issues vulnerability in Avantar White & Yellow Pages 5.1.1

The White & Yellow Pages (aka com.avantar.wny) application 5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-6025 Chartboost Cryptographic Issues vulnerability in Chartboost Library 2.0.2

The Chartboost library before 2.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5856 Communityfactory Cryptographic Issues vulnerability in Communityfactory Selfie Camera -Facial Beauty- 1.2.7

The Selfie Camera -Facial Beauty- (aka com.cfinc.cunpic) application 1.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5855 Cjmall Cryptographic Issues vulnerability in Cjmall 4.1.8

The CJmall (aka com.cjoshppingphone) application 4.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5854 Clearhub Cryptographic Issues vulnerability in Clearhub Windows Live Hotmail Push Mail 1.00.97

The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application 1.00.97 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5853 Withive Cryptographic Issues vulnerability in Withive Knights N Squires 1.1.2

The Knights N Squires (aka com.com2us.imhero.normal.freefull.google.global.android.common) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5852 Withhive Cryptographic Issues vulnerability in Withhive Kakao 2.11.1.0

The Kakao (aka com.com2us.tinypang.kakao.freefull2.google.global.android.common) application 2.11.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5851 Darksummoner Cryptographic Issues vulnerability in Darksummoner Dark Summoner 1.03.39

The Dark Summoner (aka com.darksummoner) application 1.03.39 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5850 Kaavefali Cryptographic Issues vulnerability in Kaavefali Kaave Fali 1.5.1

The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5849 Disney Cryptographic Issues vulnerability in Disney Maleficent Free Fall 1.2.0

The Maleficent Free Fall (aka com.disney.maleficent_goo) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5848 Iqnect Cryptographic Issues vulnerability in Iqnect Dubstep Hero 1.9

The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5847 Mobiledeluxe Cryptographic Issues vulnerability in Mobiledeluxe BIG WIN Slots - Slot Machines 1.11.2

The Big Win Slots - Slot Machines (aka com.gosub60.BigWinSlots) application 1.11.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5846 Mobgams Cryptographic Issues vulnerability in Mobgams Fairy Princess Makeover Salon 1.7

The Fairy Princess Makeover Salon (aka com.mobgams.dressup.fairy.princess.makeover) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5845 Thirdwire Cryptographic Issues vulnerability in Thirdwire Strike Fighters Israel 1.2.4

The Strike Fighters Israel (aka com.thirdwire.strikefighters.mideast.android) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5844 Alsunna Project Cryptographic Issues vulnerability in Alsunna Project Alsunna 0.1

The Alsunna (aka com.wAlsunna) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5843 Adp4U Cryptographic Issues vulnerability in Adp4U ADP Agency Immobiliare 0.1

The ADP AGENCY Immobiliare (aka com.wAdpagencyAndroid) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5842 2G Live TV Project Cryptographic Issues vulnerability in 2G Live TV Project 2G Live TV 0.9

The 2G Live Tv (aka com.ww2GLiveTv) application 0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5841 Cybird Cryptographic Issues vulnerability in Cybird Girls Calendar Period&Weight 3.2.2

The Girls Calendar Period&Weight (aka jp.co.cybird.apps.lifestyle.cal) application 3.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5840 Forfone Cryptographic Issues vulnerability in Forfone Forfone: Free Calls & Messages 1.5.11

The forfone: Free Calls & Messages (aka com.forfone.sip) forfone application 1.5.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5839 Labanquepostale Cryptographic Issues vulnerability in Labanquepostale Acces Compte 3.2.6

The Acces Compte (aka com.fullsix.android.labanquepostale.accountaccess) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5838 6677G Cryptographic Issues vulnerability in 6677G Girls Games - Shoes Maker 1.0.1

The Girls Games - Shoes Maker (aka com.g6677.android.shoemaker) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5837 Game Insight Cryptographic Issues vulnerability in Game-Insight MY Railway 1.1.33

The My Railway (aka com.gameinsight.myrailway) application 1.1.33 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5836 Gittigidiyor Cryptographic Issues vulnerability in Gittigidiyor 1.4.1

The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5835 Clubpersonal Cryptographic Issues vulnerability in Clubpersonal Club Personal 2.6

The Club Personal (aka com.globant.clubpersonal) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5834 Mobiledeluxe Cryptographic Issues vulnerability in Mobiledeluxe Solitaire Deluxe 2.8.5

The Solitaire Deluxe (aka com.gosub60.solfree2) application 2.8.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5833 Onelouder Cryptographic Issues vulnerability in Onelouder Friendcaster Chat 2.0

The FriendCaster Chat (aka com.handmark.friendcaster.chat) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5832 Hanabank Cryptographic Issues vulnerability in Hanabank 4.06

The hananbank (aka com.hanabank.ebk.channel.android.hananbank) application 4.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5831 Happylabs Cryptographic Issues vulnerability in Happylabs Hotel Story: Resort Simulation 1.7.9B

The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) application 1.7.9B for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5830 Farm Frenzy Gold Project Cryptographic Issues vulnerability in Farm Frenzy Gold Project Farm Frenzy Gold 1.0.1

The Farm Frenzy Gold (aka com.herocraft.game.farmfrenzy.gold) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5829 Hobbylobby Cryptographic Issues vulnerability in Hobbylobby Hobby Lobby Stores 2.1.9

The Hobby Lobby Stores (aka com.hobbylobbystores.android) application 2.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5828 Drei Cryptographic Issues vulnerability in Drei 3Kundenzone 2.0

The 3Kundenzone (aka com.hutchison3g.at.android.selfcare) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5827 Ibotta Cryptographic Issues vulnerability in Ibotta - Better Than Coupons. 2.5.1

The Ibotta - Better than Coupons.

5.4
2014-09-09 CVE-2014-5826 RIX GO Locker Theme Project Cryptographic Issues vulnerability in RIX GO Locker Theme Project RIX GO Locker Theme 1.20.2

The Rix GO Locker Theme (aka com.jiubang.goscreenlock.theme.rix.getjar) application 1.20.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5825 Jinfra Cryptographic Issues vulnerability in Jinfra Guess the Movie 2.982

The Guess The Movie (aka com.june.guessthemovie) application 2.982 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5824 Ilovegame Cryptographic Issues vulnerability in Ilovegame Longjiang 2.0.6

The longjiang (aka com.longjiang.kr) application 2.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5823 Thecleanerapp Cryptographic Issues vulnerability in Thecleanerapp the Cleaner - Speed UP & Clean 1.4.2

The The Cleaner - Speed up & Clean (aka com.liquidum.thecleaner) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5822 Kate Mobile Cryptographic Issues vulnerability in Kate Mobile VK Kate Mobile 9.6.1

The VK Kate Mobile (aka com.perm.kate) application 9.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5821 Guitartuna Cryptographic Issues vulnerability in Guitartuna Guitar Tuner Free - Guitartuna 2.4.5

The Guitar Tuner Free - GuitarTuna (aka com.ovelin.guitartuna) application 2.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5820 Okcupid Cryptographic Issues vulnerability in Okcupid Dating 3.4.6

The OkCupid Dating (com.okcupid.okcupid) application 3.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5819 Mopl Cryptographic Issues vulnerability in Mopl Phone for Google Voice & Gtalk 1.0.6

The PHONE for Google Voice & GTalk (aka com.moplus.gvphone) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5818 Mobage Cryptographic Issues vulnerability in Mobage Tiny Tower 1.7.0.8

The Tiny Tower (aka com.mobage.ww.a560.tinytower_android) application 1.7.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5817 Miniclip Cryptographic Issues vulnerability in Miniclip Mini Pets 2.0.3

The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5816 Meipai Cryptographic Issues vulnerability in Meipai 1.2.0

The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5815 Mavenhut Cryptographic Issues vulnerability in Mavenhut Solitaire Arena 1.0.15

The Solitaire Arena (aka com.mavenhut.solitaire) application 1.0.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5813 Alrazylabs Cryptographic Issues vulnerability in Alrazylabs Lostword 5.9

The lostword (aka zozo.android.lostword) application 5.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5812 Viedemerde Cryptographic Issues vulnerability in Viedemerde VDM Officiel 5.0

The VDM Officiel (aka vdm.activities) application 5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5811 Zoom Cryptographic Issues vulnerability in Zoom Cloud Meetings @7F060008

The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5810 SGK Cryptographic Issues vulnerability in SGK Hizmet Dokumu 4A 1.103

The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application 1.103 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5808 Whisper Cryptographic Issues vulnerability in Whisper 4.0.6

The Whisper (aka sh.whisper) application 4.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5807 Safari Browser Project Cryptographic Issues vulnerability in Safari Browser Project Safari Browser 1.0

The Safari Browser (aka safari.safaribrowser.internetexplorer) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5806 Wargaming Cryptographic Issues vulnerability in Wargaming World of Tanks Assistant 1.7.5

The World of Tanks Assistant (aka ru.worldoftanks.mobile) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5805 Wamba Cryptographic Issues vulnerability in Wamba Dating for Everyone - Mamba! 3.5

The Dating for everyone - Mamba! (aka ru.mamba.client) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5804 Mail RU Cryptographic Issues vulnerability in Mail.Ru Dating 3.0

The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5803 Ember Entertainment Cryptographic Issues vulnerability in Ember-Entertainment Towers N' Trolls 1.6.4

The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5802 Playscape Cryptographic Issues vulnerability in Playscape 9.3.3

The PlayScape (aka playscape.mominis.gameconsole.com) application 9.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5801 Ocshield Cryptographic Issues vulnerability in Ocshield Datagard VPN + AV @7F050013

The DataGard VPN + AV (aka ocshield.com) application @7F050013 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5800 Nonghyup Cryptographic Issues vulnerability in Nonghyup Smart Nhibzbanking 2.1

The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5799 Nonghyup Cryptographic Issues vulnerability in Nonghyup Smart Card 3.2

The smart.card (aka nh.smart.card) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5798 Nonghyup Cryptographic Issues vulnerability in Nonghyup Smart Calculator 2.0

The smart.calculator (aka nh.smart.calculator) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5797 Nonghyup Cryptographic Issues vulnerability in Nonghyup Smart 3.0.5

The smart (aka nh.smart) application 3.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5796 Passion4Profession Cryptographic Issues vulnerability in Passion4Profession Chest Workout 2.0.8

The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5794 Passion4Profession Cryptographic Issues vulnerability in Passion4Profession 8 Minutes ABS Workout 2.0.9

The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5793 Mobilecraft Cryptographic Issues vulnerability in Mobilecraft Bilgi Yarisi 1.8

The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5792 Drecom Cryptographic Issues vulnerability in Drecom Reign of Dragons: Build-Battle 2.4.2

The Reign of Dragons: Build-Battle (aka net.gree.android.pf.greeapp57501) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5791 Daumcorp Cryptographic Issues vulnerability in Daumcorp Daum Cloud 1.6.18

The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5790 Playscape Cryptographic Issues vulnerability in Playscape Pets FUN House 1.0.1

The Pets Fun House (aka mominis.Generic_Android.Pets_Fun_House) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5789 Playscape Cryptographic Issues vulnerability in Playscape Ninja Chicken Ooga Booga 1.4.2

The Ninja Chicken Ooga Booga (aka mominis.Generic_Android.Ninja_Chicken_Ooga_Booga) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5788 Playscape Cryptographic Issues vulnerability in Playscape Ninja Chicken Adventure Island 1.1.1

The Ninja Chicken Adventure Island (aka mominis.Generic_Android.Ninja_Chicken_Adventure_Island) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5787 Playscape Cryptographic Issues vulnerability in Playscape Ninja Chicken 1.7.6

The Ninja Chicken (aka mominis.Generic_Android.Ninja_Chicken) application 1.7.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5786 Playscape Cryptographic Issues vulnerability in Playscape Jewels & Diamonds 1.1.0

The Jewels & Diamonds (aka mominis.Generic_Android.Jewels_and_Diamonds) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5785 Playscape Cryptographic Issues vulnerability in Playscape Bouncy Bill World-Cup 1.0.1

The Bouncy Bill World-Cup (aka mominis.Generic_Android.Bouncy_Bill_World_Cup) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5784 Playscape Cryptographic Issues vulnerability in Playscape Bouncy Bill Seasons 1.3.9

The Bouncy Bill Seasons (aka mominis.Generic_Android.Bouncy_Bill_Seasons) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5783 Playscape Cryptographic Issues vulnerability in Playscape Bouncy Bill Monster Smasher ED 1.0.3

The Bouncy Bill Monster Smasher ed (aka mominis.Generic_Android.Bouncy_Bill_Monster_Smasher_Edition) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5782 Playscape Cryptographic Issues vulnerability in Playscape Bouncy Bill Holloween 1.0.3

The Bouncy Bill Halloween (aka mominis.Generic_Android.Bouncy_Bill_Halloween) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5781 Playscape Cryptographic Issues vulnerability in Playscape Bouncy Bill Easter Tales 1.0.4

The Bouncy Bill Easter Tales (aka mominis.Generic_Android.Bouncy_Bill_Easter_Tales) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5780 Playscape Cryptographic Issues vulnerability in Playscape Bouncy Bill 1.9.1

The Bouncy Bill (aka mominis.Generic_Android.Bouncy_Bill) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5779 Jackdapp Cryptographic Issues vulnerability in Jackdapp Jack'D - GAY Chat & Dating 1.9.0A

The Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application 1.9.0a for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5778 POU Cryptographic Issues vulnerability in POU 1.4.53

The Pou (aka me.pou.app) application 1.4.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5777 Cocoppa Cryptographic Issues vulnerability in Cocoppa Icon Wallpaper Dressup-Cocoppa 2.8.4

The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application 2.8.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5776 Playmemoriesonline Cryptographic Issues vulnerability in Playmemoriesonline Playmemories Online 4.2.0.05070

The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application 4.2.0.05070 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5775 Sfbrowser Cryptographic Issues vulnerability in Sfbrowser Super Fast Browser 2.0.5.6

The Super Fast Browser (aka iron.web.jalepano.browser) application 2.0.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5774 WEB Browser Explorer Project Cryptographic Issues vulnerability in web Browser & Explorer Project web Browser & Explorer 4.0

The Web Browser & Explorer (aka internetexplorer.browser.webexplorer) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5773 Registeredassistant Project Cryptographic Issues vulnerability in Registeredassistant Project Registeredassistant 0.2.3

The RegisteredAssistant (aka Icr.RegisteredAssistant) application 0.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5772 Govhk Cryptographic Issues vulnerability in Govhk Government Bookstore 1.01

The Government Bookstore (aka hksarg.isd.sop.govbookstore) application 1.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5771 Cuoftexas Cryptographic Issues vulnerability in Cuoftexas Credit Union of Texas Mobile 1.1

The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5770 WEB Browser FOR Android Project Cryptographic Issues vulnerability in web Browser FOR Android Project web Browser for Android 1.2

The Web Browser for Android (aka explore.web.browser) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5769 Mobiscope Cryptographic Issues vulnerability in Mobiscope Local 1.05

The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5768 Foodplannerapp Cryptographic Issues vulnerability in Foodplannerapp Food Planner 4.8.4.3Google

The Food Planner (aka dk.boggie.madplan.android) application 4.8.4.3-google for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5767 Shape Cryptographic Issues vulnerability in Shape Im+ 6.6.2

The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5766 Mobileeventguide Cryptographic Issues vulnerability in Mobileeventguide Uber B2B 1.9

The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5765 Lotum Cryptographic Issues vulnerability in Lotum Paint-For-Friends 1.5.1

The Paint for Friends (aka de.lotumlabs.buddypainting) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5764 NQ Cryptographic Issues vulnerability in NQ Antivirus Free 7.2.16.02

The Antivirus Free (aka com.zrgiu.antivirus) application 7.2.16.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5763 Zoodles Cryptographic Issues vulnerability in Zoodles KID Mode: Free Games + Lock 4.9.8

The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application 4.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5762 Zeptolab Cryptographic Issues vulnerability in Zeptolab CUT the Rope: Time Travel 1.3.4

The Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application 1.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5761 Zipcar Cryptographic Issues vulnerability in Zipcar 3.4.2

The Zipcar (aka com.zc.android) application 3.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5760 Pizzahut Cryptographic Issues vulnerability in Pizzahut Pizza HUT 2.0.5

The Pizza Hut (aka com.yum.pizzahut) application 2.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5759 Awesome Antivirus 2014 Project Cryptographic Issues vulnerability in Awesome Antivirus 2014 Project Awesome Antivirus 2014 1

The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5758 Yellowbook Cryptographic Issues vulnerability in Yellowbook Yellow Pages Local Search 11.0.0

The Yellow Pages Local Search (aka com.yellowbook.android2) application 11.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5757 Awesomeseating Cryptographic Issues vulnerability in Awesomeseating BUY Tickets 2.3

The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5756 99Only Cryptographic Issues vulnerability in 99Only BUY 99 Cents Only products 0.1

The Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5755 Gunhillwireless Cryptographic Issues vulnerability in Gunhillwireless Verizon 0.1

The verizon (aka com.wverizonwirelessbill) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5754 Verizon Instant Refills 24 7 Project Cryptographic Issues vulnerability in Verizon Instant Refills 24/7 Project Verizon Instant Refills 24/7 0.1

The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5753 Ggbu Cryptographic Issues vulnerability in Ggbu Twitter NO Background 0.85.13509.97828

The Twitter No Background (aka com.wTwitternobackground) application 0.85.13509.97828 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5752 Wtradersactivity Project Cryptographic Issues vulnerability in Wtradersactivity Project Wtradersactivity 0.1

The wTradersActivity (aka com.wTradersActivity) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5751 TOR Browser THE Short Guide Project Cryptographic Issues vulnerability in TOR Browser the Short Guide Project TOR Browser the Short Guide 0.1

The Tor Browser the Short Guide (aka com.wTorShortUserManual) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5750 PRO BET Tips Project Cryptographic Issues vulnerability in PRO BET Tips Project PRO BET Tips 0.2

The Pro Bet Tips (aka com.wProBetTips) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5749 Wooga Cryptographic Issues vulnerability in Wooga Jelly Splash 1.11.3

The Jelly Splash (aka com.wooga.jelly_splash) application 1.11.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5748 Wk12Olslogin Project Cryptographic Issues vulnerability in Wk12Olslogin Project Wk12Olslogin 0.1

The wK12olslogin (aka com.wK12olslogin) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5747 Comcast Cryptographic Issues vulnerability in Comcast Xfinity Constant Guard Mobile 3.1.140603

The XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) application 3.1.140603 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5746 VKR Soft Cryptographic Issues vulnerability in VKR Soft Government Best Jobs 0.1

The Government Best Jobs (aka com.wGovernmentBestJobs) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5745 Free Pageplus Activation Project Cryptographic Issues vulnerability in Free Pageplus Activation Project Free Pageplus Activation 0.1

The FREE Pageplus Activation (aka com.wFREEPageplusActivations) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5744 Wegoi Cryptographic Issues vulnerability in Wegoi Re-Volt 2 : Multiplayer 1.1.4

The RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) application 1.1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5743 Wegoi Cryptographic Issues vulnerability in Wegoi Re-Volt 2 : Best RC 3D Racing 1.2.6

The RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) application 1.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5742 Geteversnap Cryptographic Issues vulnerability in Geteversnap Eversnap Private Photo Album 1.0.23

The Eversnap Private Photo Album (aka com.weddingsnap.android) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5741 Webroot Cryptographic Issues vulnerability in Webroot Security - Complete 3.6.0.6610

The Security - Complete (aka com.webroot.security.complete) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5740 Webroot Cryptographic Issues vulnerability in Webroot Security - Free 3.6.0.6610

The Security - Free (aka com.webroot.security) application 3.6.0.6610 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5739 Webprancer Cryptographic Issues vulnerability in Webprancer Garfield'S Diner 1.4.0

The Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5738 Webprancer Cryptographic Issues vulnerability in Webprancer Garfield'S Defense 1.5.4

The Garfield's Defense (aka com.webprancer.google.garfieldDefense) application 1.5.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5737 Cdsoft Cryptographic Issues vulnerability in Cdsoft 0.2

The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5736 Buycoins Cryptographic Issues vulnerability in Buycoins BUY Coins 0.62.13364.24150

The Buy Coins (aka com.wBuyCoins) application 0.62.13364.24150 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5735 Home Shopping Apps Cryptographic Issues vulnerability in Home Shopping Apps BUY A Gift 13529.90084

The Buy A Gift (aka com.wBuyAGift) application 13529.90084 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5734 APP Maker KS Cryptographic Issues vulnerability in APP Maker KS BUY Books 0.1

The Buy Books (aka com.wBooksForSale) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5733 Water Wish Cryptographic Issues vulnerability in Water Wish Shop Love 1.05

The Shop Love (aka com.waterwish.shoplove) application 1.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5732 Wamba Cryptographic Issues vulnerability in Wamba Wamba-Meet Women and MEN 3.0

The Wamba - meet women and men (aka com.wamba.client) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5731 Jiuzhangtech Cryptographic Issues vulnerability in Jiuzhangtech Word Search 2.3.0

The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5730 Videotelecom Cryptographic Issues vulnerability in Videotelecom Russkoe TB HD 3.6

The russkoe TB HD (aka com.videotelecom.russkoeHD) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5729 Viddy Cryptographic Issues vulnerability in Viddy 1.3.9

The Viddy (aka com.viddy.Viddy) application 1.3.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5728 Vevo Cryptographic Issues vulnerability in Vevo Vevo-Watch HD Music Videos 2.0.27

The Vevo - Watch HD Music Videos (aka com.vevo) application 2.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5727 Utorrent Cryptographic Issues vulnerability in Utorrent Remote 1.0.20110929

The uTorrent Remote (aka com.utorrent.web) application 1.0.20110929 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5726 Ssfcu Cryptographic Issues vulnerability in Ssfcu Security Service Mybranch APP 7.88.00.145

The Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) application 7.88.00.145 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5725 Truecaller Cryptographic Issues vulnerability in Truecaller Truecaller-Caller ID & Block 4.32

The Truecaller - Caller ID & Block (aka com.truecaller) application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5724 Pocketmags Cryptographic Issues vulnerability in Pocketmags Gambling Insider Magazine @7F0801Aa

The Gambling Insider Magazine (aka com.triactivemedia.gambling) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5723 Trapster Cryptographic Issues vulnerability in Trapster 4.3.2

The Trapster (aka com.trapster.android) application 4.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5722 Swiftkey Cryptographic Issues vulnerability in Swiftkey Keyboard + Emoji 5.0.2.4

The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application 5.0.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5721 Touchnote Cryptographic Issues vulnerability in Touchnote Postcards 4.2.7

The Touchnote Postcards (aka com.touchnote.android) application 4.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5720 Topfreegames Cryptographic Issues vulnerability in Topfreegames Bike Race Free - TOP Free Game 4.3

The Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreeworld) application 4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5719 Timuz Cryptographic Issues vulnerability in Timuz Bike Racing 2014 1.6

The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5717 Animoca Cryptographic Issues vulnerability in Animoca Fashion Style 3.4.1

The Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5716 Theonegames Cryptographic Issues vulnerability in Theonegames Gunship Battle:Helicopter 3D 1.1.7

The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application 1.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5715 Thegameboss Cryptographic Issues vulnerability in Thegameboss Street Racing 4.0.4

The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5714 GO Text Cryptographic Issues vulnerability in Go-Text Text Me! Free Texting & Call 2.5.5

The Text Me! Free Texting & Call (aka com.textmeinc.textme) application 2.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5713 Telly Cryptographic Issues vulnerability in Telly Telly-Watch the Good Stuff 2.5.1

The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5712 Tektite Cryptographic Issues vulnerability in Tektite Turbo River Racing Free 1.07

The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5711 Microsoft Cryptographic Issues vulnerability in Microsoft Tech Companion 1.0.6

The Microsoft Tech Companion (aka com.technet) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5710 Flane Cryptographic Issues vulnerability in Flane Cisco Class Locator Fast Lane

The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5709 Sunstormgames Cryptographic Issues vulnerability in Sunstormgames Donut Maker 1.27

The Donut Maker (aka com.sunstorm.android.donut) application 1.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5708 Gameinfo Cryptographic Issues vulnerability in Gameinfo Best Racing/Moto Games Ranking 2.2.7

The Best Racing/moto Games Ranking (aka com.subapp.android.racing) application 2.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5707 Animoca Cryptographic Issues vulnerability in Animoca Bunny RUN 1.1.2

The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5706 Somcloud Cryptographic Issues vulnerability in Somcloud Somnote - Journal/Memo 2.1.5

The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5705 Sega Cryptographic Issues vulnerability in Sega Sonic CD Lite 1.0.4

The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5704 Dish Cryptographic Issues vulnerability in Dish Anywhere 3.5.10

The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5703 Slingo Cryptographic Issues vulnerability in Slingo Lottery Challenge 1.0.34

The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5702 Skyboardapps Cryptographic Issues vulnerability in Skyboardapps Penguin RUN 1.1

The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5701 Skout Cryptographic Issues vulnerability in Skout Skout: Chats. Friends. Fun. 4.3.3

The Skout: Chats.

5.4
2014-09-09 CVE-2014-5700 Sixdead Cryptographic Issues vulnerability in Sixdead Brain LAB - Brain AGE Games IQ 2.37

The Brain lab - brain age games IQ (aka com.sixdead.brainlab) application 2.37 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5699 Perblue Cryptographic Issues vulnerability in Perblue Parallel Kingdom MMO @7F070019

The Parallel Kingdom MMO (aka com.silvermoon.client) application @7F070019 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5698 Sheado Cryptographic Issues vulnerability in Sheado Furdiburb 1.1.2

The Furdiburb (aka com.sheado.lite.pet) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5697 Dressup Cryptographic Issues vulnerability in Dressup Dress Up! Girl Party 2.0

The Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5696 Sega Cryptographic Issues vulnerability in Sega Sonic 4 Episode II Lite 2.3

The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5695 Sanriodigital Cryptographic Issues vulnerability in Sanriodigital Hello Kitty Cafe 1.4.0

The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5694 Scoutmob Cryptographic Issues vulnerability in Scoutmob Local Deals & Event 3.0.18

The Scoutmob local deals & events (aka com.scoutmob.ile) application 3.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5693 Withbuddies Cryptographic Issues vulnerability in Withbuddies Slots Vacation - Free Slots 1.47.2

The Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) application 1.47.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5692 Safeway Cryptographic Issues vulnerability in Safeway 4.1.0

The Safeway (aka com.safeway.client.android.safeway) application 4.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-6024 Flurry Cryptographic Issues vulnerability in Flurry Flurry-Analytics-Android 3.3.0/3.3.2/3.3.4

The Flurry library before 3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5691 Rvappstudios Cryptographic Issues vulnerability in Rvappstudios Best Phone Security 2.1

The Best Phone Security (aka com.rvappstudios.phonesecurity) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5690 Runtastic Cryptographic Issues vulnerability in Runtastic Timer 1.0.1

The Runtastic Timer (aka com.runtastic.android.timer) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5689 Runtastic Cryptographic Issues vulnerability in Runtastic Road Bike 2.0.1

The Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5688 Runtastic Cryptographic Issues vulnerability in Runtastic Pedometer 1.5

The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5687 Runtastic Cryptographic Issues vulnerability in Runtastic Mountain Bike 2.0.1

The Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.lite) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5686 Runtastic Cryptographic Issues vulnerability in Runtastic ME 1.0.2

The Runtastic Me (aka com.runtastic.android.me.lite) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5685 Runtastic Cryptographic Issues vulnerability in Runtastic Heart Rate 1.3

The Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5684 Runtastic Cryptographic Issues vulnerability in Runtastic Running & Fitness 5.1.2

The Runtastic Running & Fitness (aka com.runtastic.android) application 5.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5683 Rubycell Cryptographic Issues vulnerability in Rubycell Piano Teacher 20140730

The Piano Teacher (aka com.rubycell.pianisthd) application 20140730 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5682 Retale Cryptographic Issues vulnerability in Retale - Weekly ADS & Deals 2.1.3

The Retale - Weekly Ads & Deals (aka com.retale.android) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5681 XDA Developers Cryptographic Issues vulnerability in Xda-Developers 3.9.8

The XDA-Developers (aka com.quoord.tapatalkxda.activity) application 3.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5680 Tapatalk Cryptographic Issues vulnerability in Tapatalk 4.8.0

The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5679 Popuapp Cryptographic Issues vulnerability in Popuapp Popu 2: GET Likes ON Instagram 1.7.5

The PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application 1.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5678 POP HUB Cryptographic Issues vulnerability in Pop-Hub IQ Test 3.3

The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5677 Pointinside Cryptographic Issues vulnerability in Pointinside Point Inside Shopping & Travel 3.1.0

The Point Inside Shopping & Travel (aka com.pointinside.android.app) application 3.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5676 Playrix Cryptographic Issues vulnerability in Playrix Township 1.5.1

The Township (aka com.playrix.township) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5675 Pinssible Cryptographic Issues vulnerability in Pinssible Phonegram - Instagram Download 1.9.5

The Phonegram - Instagram Download (aka com.pinssible.padgram) application 1.9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5674 Picsart Cryptographic Issues vulnerability in Picsart - Photo Studio 4.5.5

The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5673 NQ Cryptographic Issues vulnerability in NQ Easy Finder & Anti-Theft 2.0.10.08

The Easy Finder & Anti-Theft (aka com.nqmobile.easyfinder) application 2.0.10.08 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5672 NQ Cryptographic Issues vulnerability in NQ Mobile Security & Antivirus 7.2.16.00

The NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) application 7.2.16.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5671 Noodlecake Cryptographic Issues vulnerability in Noodlecake Super Stickman Golf 2.2

The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5670 Ninjakiwi Cryptographic Issues vulnerability in Ninjakiwi Sas: Zombie Assault 3 2.56

The SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) application 2.56 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5669 9Gag Cryptographic Issues vulnerability in 9Gag - Funny Pics and Videos 2.4.10

The 9GAG - Funny pics and videos (aka com.ninegag.android.app) application 2.4.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5668 Band Cryptographic Issues vulnerability in Band -Group Sharing & Planning 3.2.8

The BAND -Group sharing & planning (aka com.nhn.android.band) application 3.2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5667 NQ Cryptographic Issues vulnerability in NQ Vault-Hide SMS Pics & Videos 5.0.14.22

The Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application 5.0.14.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5666 AVD APP Cryptographic Issues vulnerability in Avd-App AVD Download Video 3.3.13

The AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) application 3.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5664 Mobilityware Cryptographic Issues vulnerability in Mobilityware Spider Solitaire 3.0.0

The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5663 Mobilityware Cryptographic Issues vulnerability in Mobilityware Freecell Solitaire 2.1.2

The FreeCell Solitaire (aka com.mobilityware.freecell) application 2.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5662 Miniclip Cryptographic Issues vulnerability in Miniclip Rail Rush 1.9.0

The Rail Rush (aka com.miniclip.railrush) application 1.9.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5661 Miniclip Cryptographic Issues vulnerability in Miniclip Anger of Stick 3 1.0.3

The Anger of Stick 3 (aka com.miniclip.angerofstick3) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5660 Mymembersfirst Cryptographic Issues vulnerability in Mymembersfirst TN Members 1ST Fcu-Rdc 1.0.28

The TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application 1.0.28 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5659 Metago Cryptographic Issues vulnerability in Metago Astro File Manager With Cloud Astro4.4.592

The ASTRO File Manager with Cloud (aka com.metago.astro) application ASTRO-4.4.592 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5658 Mercadolibre Cryptographic Issues vulnerability in Mercadolibre 3.8.7

The MercadoLibre (aka com.mercadolibre) application 3.8.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5657 CA Lottery Results Project Cryptographic Issues vulnerability in CA Lottery Results Project CA Lottery Results 2.1

The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5656 Traauctions Cryptographic Issues vulnerability in Traauctions TRA Auctions for Buyers 2.6

The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5655 Cmcm Cryptographic Issues vulnerability in Cmcm CM Browser - Fast & Secure 5.0.50

The CM Browser - Fast & Secure (aka com.ksmobile.cb) application 5.0.50 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5654 Kaspersky Cryptographic Issues vulnerability in Kaspersky Internet Security 11.4.4.232

The Kaspersky Internet Security (aka com.kms.free) application 11.4.4.232 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5653 Kiragames Cryptographic Issues vulnerability in Kiragames Unblock ME Free 1.4.4.2

The Unblock Me FREE (aka com.kiragames.unblockmefree) application 1.4.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5652 Kicksend Cryptographic Issues vulnerability in Kicksend Photo Prints 1.0.7

The Kicksend Photo Prints (aka com.kicksend.android.print) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5651 Kicksend Cryptographic Issues vulnerability in Kicksend Kicksend: Share & Print Photos 3.3.2.18

The Kicksend: Share & Print Photos (aka com.kicksend.android) application 3.3.2.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5650 Jiuzhangtech Cryptographic Issues vulnerability in Jiuzhangtech Traffic JAM Free 1.7.7

The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5649 Ilove Cryptographic Issues vulnerability in Ilove - Free Dating & Chat APP 1.3.3

The iLove - Free Dating & Chat App (aka com.jestadigital.android.ilove) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5648 Jaumo Cryptographic Issues vulnerability in Jaumo Chat Flirt & Dating Heart Jaumo 2.7.5

The Chat, Flirt & Dating Heart JAUMO (aka com.jaumo) application 2.7.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5647 Islonline Cryptographic Issues vulnerability in Islonline ISL Light Remote Desktop 2.1.0

The ISL Light Remote Desktop (aka com.islonline.isllight.mobile.android) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5646 Iobit Cryptographic Issues vulnerability in Iobit AMC Security Antivirus Clean 4.4.1

The AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5645 Intsig Cryptographic Issues vulnerability in Intsig Camscanner -Phone PDF Creator 3.4.0.20140624

The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application 3.4.0.20140624 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5644 Intellectualflame Cryptographic Issues vulnerability in Intellectualflame Brightest LED Flashlight 1.2.4

The Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5643 Instachat Cryptographic Issues vulnerability in Instachat -Instagram Messenger 1.6.2

The Instachat -Instagram Messenger (aka com.instachat.android) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5642 Impi Cryptographic Issues vulnerability in Impi Mobile Security 2.1.0

The IMPI Mobile Security (aka com.impi) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5641 Cubettechnologies Cryptographic Issues vulnerability in Cubettechnologies Cloud Manager 1.6

The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5640 Cmcm Cryptographic Issues vulnerability in Cmcm CM Backup Restore Cloud Photo 1.1.0.135

The CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) application 1.1.0.135 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5639 ADT Taxis Cryptographic Issues vulnerability in Adt-Taxis ADT Taxis 6.0

The ADT Taxis (aka com.icabbi.adttaxisApp) application 6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5638 Huntington Cryptographic Issues vulnerability in Huntington Mobile 2.1.222

The Huntington Mobile (aka com.huntington.m) application 2.1.222 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5637 Jogoeusei Cryptographic Issues vulnerability in Jogoeusei EU SEI Euseiandroid5.5

The Eu Sei (aka com.guilardi.eusei) application eusei_android_5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5636 Granita Cryptographic Issues vulnerability in Granita Cloud Browser 2.2.1

The Cloud Browser (aka com.granitamalta.cloudbrowser) application 2.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5635 Createdineden Cryptographic Issues vulnerability in Createdineden BUY Yorkshire Conference 1.4

The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5634 Madipass Cryptographic Issues vulnerability in Madipass Martinique 1.8

The Madipass Martinique (aka com.goodbarber.madipassmartinique) application 1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5633 Girlsgames123 Cryptographic Issues vulnerability in Girlsgames123 Kiss Office 1.0

The Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5632 Getsetgames Cryptographic Issues vulnerability in Getsetgames Mega Jump @7F080002

The Mega Jump (aka com.getsetgames.megajump) application @7F080002 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5631 Casinogame Cryptographic Issues vulnerability in Casinogame Video Poker Casino 1.0.5

The Video Poker Casino (aka com.geaxgame.videopoker) application 1.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5630 Gcspublishing Cryptographic Issues vulnerability in Gcspublishing Home Repair 3.7.9

The Home Repair (aka com.gcspublishing.houserepairtalk) application 3.7.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5629 Gameresort Cryptographic Issues vulnerability in Gameresort Stupid Zombies 1.12

The Stupid Zombies (aka com.gameresort.stupidzombies) application 1.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5628 Gameloft Cryptographic Issues vulnerability in Gameloft Wonder ZOO - Animal Rescue ! 1.6.1

The Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZRHM) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5627 Gameloft Cryptographic Issues vulnerability in Gameloft ICE AGE Village 2.8.0

The Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) application 2.8.0m for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5626 Gameloft Cryptographic Issues vulnerability in Gameloft Brothers in Arms 2 Free+ 1.2.0

The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application 1.2.0b for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5625 Gamegou Cryptographic Issues vulnerability in Gamegou Perfect Kick 1.3.0

The Perfect Kick (aka com.gamegou.PerfectKick.google) application 1.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5624 Fungames Forfree Cryptographic Issues vulnerability in Fungames-Forfree Sniper Shooter Free - FUN Game 2.8

The Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershooter.free) application 2.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5623 Penguinchefshop Project Cryptographic Issues vulnerability in Penguinchefshop Project Penguinchefshop 1.0.1

The penguinchefshop (aka com.freegames.penguinchefshop) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5622 Mobbtech Cryptographic Issues vulnerability in Mobbtech Follow Mania for Instagram 1.2.1

The Follow Mania for Instagram (aka com.followmania) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5621 Fluik Cryptographic Issues vulnerability in Fluik Office Zombie 1.3.13

The Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application 1.3.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5620 Fluik Cryptographic Issues vulnerability in Fluik Office Jerk Free 1.7.13

The Office Jerk Free (aka com.fluik.OfficeJerkFree) application 1.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5618 Fingersoft Cryptographic Issues vulnerability in Fingersoft Cartoon Camera 1.2.2

The Cartoon Camera (aka com.fingersoft.cartooncamera) application 1.2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5617 Exsoul Browser Cryptographic Issues vulnerability in Exsoul-Browser Exsoul web Browser 3.3.3

The Exsoul Web Browser (aka com.exsoul) application 3.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5616 Litter Penguin Cryptographic Issues vulnerability in Litter Penguin web Browser & Explorer 2.0.7

The Web Browser & Explorer (aka com.explore.web.browser) application 2.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5615 Snapone Cryptographic Issues vulnerability in Snapone Snap Secure 9.5

The Snap Secure (aka com.exclaim.snapsecure.app) application 9.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5614 Etoolkit Cryptographic Issues vulnerability in Etoolkit Love Collage - Photo Editor 1.3

The Love Collage - Photo Editor (aka com.etoolkit.lovecollage) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5613 Entertailion Cryptographic Issues vulnerability in Entertailion Able Remote 2.3.6

The Able Remote (aka com.entertailion.android.remote) application 2.3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5612 Gmarket Cryptographic Issues vulnerability in Gmarket 5.1.3

The Gmarket (aka com.ebay.kr.gmarket) application 5.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5611 Ebay Kleinanzeigen Cryptographic Issues vulnerability in Ebay-Kleinanzeigen Ebay Kleinanzeigen for Germany 5.0.2

The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application 5.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5610 AL 3Azmi Cryptographic Issues vulnerability in AL 3Azmi Ce4Arab Market 0.12.13093.40460

The ce4arab market (aka com.dreamstep.wce4arabmarket) application 0.12.13093.40460 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5609 Djinnworks Cryptographic Issues vulnerability in Djinnworks Stickman SKI Racer 2.1

The Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5608 Djinnworks Cryptographic Issues vulnerability in Djinnworks Line Runner (Free) 4.0

The Line Runner (Free) (aka com.djinnworks.linerunnerfree) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5607 Disney The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4
2014-09-09 CVE-2014-5606 Disney The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4
2014-09-09 CVE-2014-5605 Digimobistudio Cryptographic Issues vulnerability in Digimobistudio QQ Copy 1.0

The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5604 Elokence Cryptographic Issues vulnerability in Elokence Akinator the Genie Free 2.46

The Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application 2.46 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5603 Deskroll Cryptographic Issues vulnerability in Deskroll Remote Desktop 0.6

The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5602 Magzter Cryptographic Issues vulnerability in Magzter -Magazine & Book Store 3.31

The Magzter -Magazine & Book Store (aka com.dci.magzter) application 3.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5601 1800Contacts Cryptographic Issues vulnerability in 1800Contacts APP 2.7.0

The 1800CONTACTS App (aka com.contacts1800.ecomapp) application 2.7.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5600 Familyconnect Project Cryptographic Issues vulnerability in Familyconnect Project Familyconnect 1.5.0

The familyconnect (aka com.comcast.plaxo.familyconnect.app) application 1.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5599 Withhive Cryptographic Issues vulnerability in Withhive Tiny Farm 2.02.00

The Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.android.common) application 2.02.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5598 Withhive Cryptographic Issues vulnerability in Withhive Puzzle Family 1.2.0

The Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.global.android.common) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5597 Withhive Cryptographic Issues vulnerability in Withhive 9 Innings: 2014 PRO Baseball 4.0.3

The 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freefull.google.global.android.common) application 4.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5596 Withhive Cryptographic Issues vulnerability in Withhive Homerun Battle 2 1.2.2.0

The Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.google.global.android.common) application 1.2.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5595 Withhive Cryptographic Issues vulnerability in Withhive Actionpuzzlefamily for Kakao 1.4.3

The actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.kakao.freefull.google.global.android.common) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5594 Cibc Cryptographic Issues vulnerability in Cibc Mobile Banking 3.2

The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5593 Christiancafe Cryptographic Issues vulnerability in Christiancafe Christian Dating Cafe 1.0.3

The Christian Dating Cafe (aka com.christiancafe.mobile.android) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5592 Choiceoflove Cryptographic Issues vulnerability in Choiceoflove Free Dating Heart COL 2.6.1

The Free Dating Heart COL (aka com.choiceoflove.dating) application 2.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5591 Franklychat Cryptographic Issues vulnerability in Franklychat Frankly Chat 3.0.1

The Frankly Chat (aka com.chatfrankly.android) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5590 Snake Evolution Project Cryptographic Issues vulnerability in Snake Evolution Project Snake Evolution 1.3.1

The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5589 Nowbrowser Cryptographic Issues vulnerability in Nowbrowser NOW Browser (Material) 2.8.1

The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application Material for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5588 Free Ebooks Project Cryptographic Issues vulnerability in Free Ebooks Project Free Ebooks 14.0

The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5587 Brokenscreencrank Project Cryptographic Issues vulnerability in Brokenscreencrank Project Brokenscreencrank 1.1

The brokenscreencrank (aka com.biggame.brokenscreencrank) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5586 Biat Cryptographic Issues vulnerability in Biat Biatnet 1.1

The BIATNET (aka com.biatnet.mobile) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5585 Bepopapp Cryptographic Issues vulnerability in Bepopapp Like4Like:Get Instagram Likes 2.1.5

The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5584 Beenverified Cryptographic Issues vulnerability in Beenverified Background Check Beenverified 4.01.67

The Background Check BeenVerified (aka com.beenverified.android) application 4.01.67 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5583 Blackbeltstudio Cryptographic Issues vulnerability in Blackbeltstudio Most Popular Ringtones 32

The Most Popular Ringtones (aka com.bbs.mostpopularringtones) application 32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5582 Makingmoneywithandroid Cryptographic Issues vulnerability in Makingmoneywithandroid Ingress Intel Helper 1.2

The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5581 Mirror Photo Shape Project Cryptographic Issues vulnerability in Mirror Photo & Shape Project Mirror Photo & Shape 1.4

The mirror photo shape (aka com.baiwang.styleinstamirror) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5580 Backgroundcheckprotool Cryptographic Issues vulnerability in Backgroundcheckprotool 3.5

The BackgroundCheckProTool (aka com.BackgroundCheckProTool) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5579 Anywherepad Cryptographic Issues vulnerability in Anywherepad Anywhere Pad-Meet Collaborate 4.0.1031

The Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) application 4.0.1031 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5578 Trading 212 Cryptographic Issues vulnerability in Trading 212 Trading 212 Forex

The Trading 212 FOREX (aka com.avuscapital.trading212) application before 2.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5577 Beautyntherep Cryptographic Issues vulnerability in Beautyntherep Avon Buy&Sell 0.3

The AVON Buy & Sell (aka com.AVONBeautyntheRep) application 0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5576 Avira Cryptographic Issues vulnerability in Avira Secure Backup 1.2.3

The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5574 ASK FM Cryptographic Issues vulnerability in Ask.Fm Ask.Fm-Social Q&A Network 1.2.4

The Ask.fm - Social Q&A Network (aka com.askfm) application 1.2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5573 Appstros Cryptographic Issues vulnerability in Appstros - Free Gift Cards! 1.1.3

The Appstros - FREE Gift Cards! (aka com.appstros.main) application 1.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5572 Jazzpodiumdetor Cryptographic Issues vulnerability in Jazzpodiumdetor Jazzpodium DE TOR 206160

The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5571 Appeak Cryptographic Issues vulnerability in Appeak Poker 2.4.5

The Appeak Poker (aka com.appeak.poker) application 2.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5570 AOL Cryptographic Issues vulnerability in AOL Dailyfinance - Stocks & News 2.0.2.1

The DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application 2.0.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5569 Animoca Cryptographic Issues vulnerability in Animoca Star Girl 3.4.1

The Star Girl (aka com.animoca.google.starGirl) application 3.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5568 Androkera Cryptographic Issues vulnerability in Androkera LAS Vegas Lottery Scratch OFF 1.2

The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5567 Hasb E Haal Project Cryptographic Issues vulnerability in Hasb E Haal Project Hasb E Haal 1.0.9

The hasb_e_haal (aka com.anawaz.hasb_e_haal) application 1.0.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5566 Americostech Cryptographic Issues vulnerability in Americostech Selfshot Front Flash Camera 1.1

The Selfshot - Front Flash Camera (aka com.americos.selfshot) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5565 Gadgettrak Cryptographic Issues vulnerability in Gadgettrak Mobile Security 1.6

The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5564 Aceviral Cryptographic Issues vulnerability in Aceviral Angry Gran Toss 1.1.1

The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5563 Show DO Milhao 2014 Project Cryptographic Issues vulnerability in Show DO Milhao 2014 Project Show DO Milhao 2014 1.4.6

The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5562 Coles Credit Cards Cryptographic Issues vulnerability in Coles Credit Cards Coles Credit Card APP 1.0.0

The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5561 Devarai Cryptographic Issues vulnerability in Devarai Word Search Free 4.9

The Word Search Free (aka air.wordSearchFree) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5560 Mdickie Cryptographic Issues vulnerability in Mdickie Popscene 1.04

The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5559 Josiane Sauveterre Cryptographic Issues vulnerability in Josiane Sauveterre Goldfish Care 1.0.3

The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5558 Mdickie Cryptographic Issues vulnerability in Mdickie Hard Time 1.111

The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5557 Commerce Cryptographic Issues vulnerability in Commerce America'S Economy for Phone 1.5.2

The America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5556 Flyfishing AND Flytying Cryptographic Issues vulnerability in Flyfishing-And-Flytying FLY Fishing & FLY Tying 3.21.0

The Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application 3.21.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5555 Ilearnwith Cryptographic Issues vulnerability in Ilearnwith Counting & Addition Kids Games 1.8.1

The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5554 Ilearnwith Cryptographic Issues vulnerability in Ilearnwith FUN Preschool Creativity Game 1.6.2

The Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5553 Ilearnwith Cryptographic Issues vulnerability in Ilearnwith Kids Preschool Learning Games 1.3.2

The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5552 Ilearnwith Cryptographic Issues vulnerability in Ilearnwith Numbers & Addition! Math Games 1.4.3

The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5551 Ilearnwith Cryptographic Issues vulnerability in Ilearnwith Alphabet & Spelling Kids Games 1.4.2

The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5550 Ilearnwith Cryptographic Issues vulnerability in Ilearnwith Animals! Kids Preschool Games 1.6.1

The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5549 Starluxstudios Cryptographic Issues vulnerability in Starluxstudios Puppy Slots 3.0

The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5548 Seven Bulls Cryptographic Issues vulnerability in Seven Bulls Christmas Words 1.0.1

The Christmas Words (aka air.com.sevenBulls.summerWords) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5547 Permadi Cryptographic Issues vulnerability in Permadi Mahjong Galaxy Space Lite 2.5

The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5546 Little Games Cryptographic Issues vulnerability in Little Games Africa Memory 1.0.1

The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5545 Torrnad0 Cryptographic Issues vulnerability in Torrnad0 Sprint Jump 1.0

The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5544 Freshplanet Cryptographic Issues vulnerability in Freshplanet Songpop 1.21.2

The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5543 Differencegames Cryptographic Issues vulnerability in Differencegames Hidden Object - Alice Free 1.0.17

The Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application 1.0.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5542 Tamalaki Cryptographic Issues vulnerability in Tamalaki Hidden Object Mystery 1.0.65

The Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application 1.0.65 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5541 Differencegames Cryptographic Issues vulnerability in Differencegames Hidden Memory - Aladdin Free! 1.0.31

The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application 1.0.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5540 Flickatrade Cryptographic Issues vulnerability in Flickatrade Flick A Trade 3.3

The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5539 Amiscu Cryptographic Issues vulnerability in Amiscu Michael Baker Federal Credit Union 1.2.0

The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5538 Amiscu Cryptographic Issues vulnerability in Amiscu Westmoreland Water FCU 1.2.0

The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5537 Chewysoftware Cryptographic Issues vulnerability in Chewysoftware Abduction Stacker Free 1.0.7

The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5536 Bashgaming Cryptographic Issues vulnerability in Bashgaming Bingo Bash Free Bingo Casino 1.31.1

The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5535 Girlgame Cryptographic Issues vulnerability in Girlgame Baby GET UP - Kids Care 1.0.3

The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5534 Appministry Cryptographic Issues vulnerability in Appministry Princess Shopping 2

The Princess Shopping (aka air.android.PrincessShopping) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5532 Adidas Cryptographic Issues vulnerability in Adidas Honolulu 2

The Honolulu (aka adidas.jp.android.running.honolulu) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5531 Goabode Cryptographic Issues vulnerability in Goabode Abode 1.7

The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5529 Gameloft Cryptographic Issues vulnerability in Gameloft Library

The Gameloft library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5528 Appsflyer Cryptographic Issues vulnerability in Appsflyer

The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5527 Tapjoy Cryptographic Issues vulnerability in Tapjoy Library

The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5526 Inmobi Cryptographic Issues vulnerability in Inmobi

The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5525 Playscape Cryptographic Issues vulnerability in Playscape Mominis Library

The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-09 CVE-2014-5524 Adcolony Cryptographic Issues vulnerability in Adcolony Library

The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-12 CVE-2014-2009 Mpay24 Project Information Exposure vulnerability in Mpay24 Project Mpay24

The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.

5.0
2014-09-12 CVE-2014-3092 IBM Information Exposure vulnerability in IBM products

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2014-09-11 CVE-2014-3985 Miniupnp Project
Linux
Opensuse
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows remote attackers to cause a denial of service (crash) via crafted headers that trigger an out-of-bounds read.

5.0
2014-09-11 CVE-2014-3609 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values."

5.0
2014-09-10 CVE-2014-4788 IBM Credentials Management vulnerability in IBM Initiate Master Data Service

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.

5.0
2014-09-10 CVE-2014-3348 Cisco Improper Input Validation vulnerability in Cisco products

The SSH module in the Integrated Management Controller (IMC) before 2.3.1 in Cisco Unified Computing System on E-Series blade servers allows remote attackers to cause a denial of service (IMC hang) via a crafted SSH packet, aka Bug ID CSCuo69206.

5.0
2014-09-10 CVE-2014-0909 IBM Information Exposure vulnerability in IBM Rational License KEY Server 8.1.4/8.1.4.2/8.1.4.3

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2014-09-10 CVE-2014-4072 Microsoft Resource Management Errors vulnerability in Microsoft .Net Framework

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly use a hash table for request data, which allows remote attackers to cause a denial of service (resource consumption and ASP.NET performance degradation) via crafted requests, aka ".NET Framework Denial of Service Vulnerability."

5.0
2014-09-10 CVE-2014-4071 Microsoft Remote Denial of Service vulnerability in Microsoft Lync Server 2013

The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability." <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

5.0
2014-09-10 CVE-2014-4068 Microsoft Improper Input Validation vulnerability in Microsoft Lync Server 2010/2013

The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."

5.0
2014-09-10 CVE-2014-4786 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Initiate Master Data Service

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

4.9
2014-09-12 CVE-2014-5441 Fatfreecrm Cross-Site Scripting vulnerability in Fatfreecrm FAT Free CRM

Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name in a (a) create or (b) edit user action.

4.3
2014-09-12 CVE-2014-5259 Blackcat CMS Cross-Site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.0/1.0.1/1.0.2

Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2014-09-12 CVE-2014-4735 Mywebsql Cross-Site Scripting vulnerability in Mywebsql

Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.

4.3
2014-09-12 CVE-2012-1556 Synology Cross-Site Scripting vulnerability in Synology Diskstation Manager and Synology Photo Station

Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.

4.3
2014-09-11 CVE-2014-5391 SOS Cross-Site Scripting vulnerability in SOS Jobscheduler

Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).

4.3
2014-09-11 CVE-2014-5129 Avolvesoftware Cross-Site Scripting vulnerability in Avolvesoftware Projectdox 8.1

Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-09-11 CVE-2014-6240 Google Sitemap Project Cross-Site Scripting vulnerability in Google Sitemap Project Google Sitemap 0.4.3

Cross-site scripting (XSS) vulnerability in the Google Sitemap (weeaar_googlesitemap) extension 0.4.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-09-11 CVE-2014-6238 Akronymmanager Project Cross-Site Scripting vulnerability in Akronymmanager Project Akronymmanager

Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB Folderdownload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-09-11 CVE-2014-6234 Open Graph Protocol Project Cross-Site Scripting vulnerability in Open Graph Protocol Project Open Graph Protocol 1.0.1

Cross-site scripting (XSS) vulnerability in the Open Graph protocol (jh_opengraphprotocol) extension before 1.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-09-11 CVE-2014-6070 Adiscon Cross-Site Scripting vulnerability in Adiscon Loganalyzer

Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php.

4.3
2014-09-11 CVE-2012-0984 Xoops Cross-Site Scripting vulnerability in Xoops

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.

4.3
2014-09-11 CVE-2011-4887 Imperva Cross-Site Scripting vulnerability in Imperva Securesphere web Application Firewall 9.0

Cross-site scripting (XSS) vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall (WAF) 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field.

4.3
2014-09-10 CVE-2014-4784 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Initiate Master Data Service

IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote attackers to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue.

4.3
2014-09-10 CVE-2014-3343 Cisco Improper Input Validation vulnerability in Cisco IOS XR 5.1.0

Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (DHCPv6 daemon crash) via a malformed DHCPv6 packet, aka Bug ID CSCuo59052.

4.3
2014-09-10 CVE-2014-4070 Microsoft Cross-Site Scripting vulnerability in Microsoft Lync Server 2013

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."

4.3
2014-09-08 CVE-2014-5464 Ntop Cross-Site Scripting vulnerability in Ntop Ntopng 1.1/1.2.0

Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

4.3
2014-09-08 CVE-2014-5369 Enigmail Cryptographic Issues vulnerability in Enigmail 1.7/1.7.2

Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network.

4.3
2014-09-08 CVE-2014-0153 Ovirt Information Exposure vulnerability in Ovirt

The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.

4.3
2014-09-12 CVE-2014-4792 IBM Resource Management Errors vulnerability in IBM Websphere Portal

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF28, 8.0.0 through 8.0.0.1 CF13, and 8.5.0 before CF02 allows remote authenticated users to cause a denial of service (disk consumption) by uploading large files.

4.0
2014-09-12 CVE-2014-3342 Cisco Information Disclosure vulnerability in Cisco IOS XR Software Command Line Interface (CLI)

The CLI in Cisco IOS XR allows remote authenticated users to obtain sensitive information via unspecified commands, aka Bug IDs CSCuq42336, CSCuq76853, CSCuq76873, and CSCuq45383.

4.0
2014-09-11 CVE-2014-5393 SOS Path Traversal vulnerability in SOS Jobscheduler

Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.

4.0
2014-09-11 CVE-2014-6232 Ldap Project Information Disclosure vulnerability in Ldap Project Ldap 2.8.17

Unspecified vulnerability in the LDAP (eu_ldap) extension before 2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive information via unknown vectors.

4.0
2014-09-10 CVE-2014-6074 IBM Cryptographic Issues vulnerability in IBM Urbancode Deploy 6.1.0.2

IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated users to read keystore secret keys via a direct request to a UI page.

4.0

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-12 CVE-2014-4762 IBM Cross-Site Scripting vulnerability in IBM Websphere Portal

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF13 and 8.5.0 before CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-09-12 CVE-2014-3363 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 9.1(2.10000.28)

Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Manager (UCM) 9.1(2.10000.28) allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq68443.

3.5
2014-09-11 CVE-2014-3740 Spiceworks Cross-Site Scripting vulnerability in Spiceworks 7.2.00174/7.2.00189

Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.

3.5
2014-09-11 CVE-2014-6237 News Pack Project Cross-Site Scripting vulnerability in News Pack Project News Pack 0.1.0

Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-09-10 CVE-2014-5313 Sixapart Cross-Site Scripting vulnerability in Sixapart Movabletype

Cross-site scripting (XSS) vulnerability in the management page in Six Apart Movable Type before 5.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-09-10 CVE-2014-4787 IBM Cross-Site Scripting vulnerability in IBM Initiate Master Data Service

Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2014-09-10 CVE-2014-4756 IBM Unspecified vulnerability in IBM Rational License KEY Server 8.1.4/8.1.4.2/8.1.4.3

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.

3.5
2014-09-10 CVE-2014-4864 Netgear Credentials Management vulnerability in Netgear Prosafe Firmware

The NETGEAR ProSafe Plus Configuration Utility creates configuration backup files containing cleartext passwords, which might allow remote attackers to obtain sensitive information by reading a file.

3.3
2014-09-10 CVE-2014-3079 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Rational License KEY Server 8.1.4/8.1.4.2/8.1.4.3

The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL query.

2.1