Weekly Vulnerabilities Reports > September 22 to 28, 2014
Overview
222 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 11 high severity vulnerabilities. This weekly summary reports vulnerabilities in 326 products from 206 vendors including IBM, Cisco, GNU, Redhat, and Suse. Vulnerabilities are notably categorized as "Cryptographic Issues", "Cross-site Scripting", "OS Command Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 41 reported vulnerabilities are remotely exploitable.
- 10 reported vulnerabilities have a public exploit available.
- 20 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 217 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 13 reported vulnerabilities.
- GNU has the most reported critical vulnerabilities, with 5 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-28 | CVE-2014-7187 | GNU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Bash Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue. | 10.0 |
2014-09-28 | CVE-2014-7186 | GNU | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Bash The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue. | 10.0 |
2014-09-27 | CVE-2014-6277 | GNU | OS Command Injection vulnerability in GNU Bash GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | 10.0 |
2014-09-23 | CVE-2014-4752 | IBM | Unspecified vulnerability in IBM products IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. | 10.0 |
2014-09-25 | CVE-2014-7169 | GNU Arista Oracle Qnap Mageia Redhat Suse Opensuse Debian IBM Canonical Novell Checkpoint F5 Citrix Apple Vmware | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. | 9.8 |
2014-09-24 | CVE-2014-6271 | GNU Arista Oracle Qnap Mageia Redhat Suse Opensuse Debian IBM Canonical Novell Checkpoint F5 Citrix Apple Vmware | OS Command Injection vulnerability in multiple products GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | 9.8 |
2014-09-27 | CVE-2014-3062 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0 Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-25 | CVE-2014-3360 | Cisco | OS Command Injection vulnerability in Cisco IOS and IOS XE Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586. | 7.8 |
2014-09-25 | CVE-2014-3359 | Cisco | Resource Management Errors vulnerability in Cisco IOS and IOS XE Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081. | 7.8 |
2014-09-25 | CVE-2014-3358 | Cisco | OS Command Injection vulnerability in Cisco IOS and IOS XE Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950. | 7.8 |
2014-09-25 | CVE-2014-3357 | Cisco | OS Command Injection vulnerability in Cisco IOS and IOS XE Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866. | 7.8 |
2014-09-25 | CVE-2014-3356 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XE The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753. | 7.8 |
2014-09-25 | CVE-2014-3355 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XE The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942. | 7.8 |
2014-09-25 | CVE-2014-3354 | Cisco | Improper Input Validation vulnerability in Cisco IOS and IOS XE Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547. | 7.8 |
2014-09-26 | CVE-2014-6446 | Infusionsoft Gravity Forms Project | Code Injection vulnerability in Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php. | 7.5 |
2014-09-22 | CVE-2014-0484 | Canonical | Permissions, Privileges, and Access Controls vulnerability in Canonical Acpi-Support 0.140 The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment." | 7.2 |
2014-09-22 | CVE-2014-2942 | Cobham | Credentials Management vulnerability in Cobham Aviator 700D and Aviator 700E Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code. | 7.2 |
2014-09-25 | CVE-2014-3361 | Cisco | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071. | 7.1 |
201 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-23 | CVE-2014-4973 | Eset | Improper Input Validation vulnerability in Eset Endpoint Security and Smart Security The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call. | 6.9 |
2014-09-22 | CVE-2014-6602 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Nokia Asha 501 and Nokia Asha 501 Software Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option. | 6.6 |
2014-09-26 | CVE-2014-5324 | Najeebmedia | Code Injection vulnerability in Najeebmedia N-Media File Uploader 3.0/3.1/3.2 Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file. | 6.5 |
2014-09-22 | CVE-2014-7153 | Huge IT | SQL Injection vulnerability in Huge-It Image Gallery 1.0.1 SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | 6.5 |
2014-09-26 | CVE-2014-5319 | S Link | Path Traversal vulnerability in S-Link Slfilemanager Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors. | 6.4 |
2014-09-23 | CVE-2014-4816 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.0 |
2014-09-26 | CVE-2014-5318 | JIG | Permissions, Privileges, and Access Controls vulnerability in JIG Jigbrowser+ 1.8.0 The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | 5.8 |
2014-09-23 | CVE-2014-5392 | SOS | XML External Entity Injection vulnerability in JobScheduler XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference. | 5.8 |
2014-09-22 | CVE-2014-5321 | Filemaker | Cryptographic Issues vulnerability in Filemaker PRO and Filemaker PRO Advanced FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2014-09-28 | CVE-2014-6771 | Uhcu | Cryptographic Issues vulnerability in Uhcu United Heritage Mobile 1.1 The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6770 | Apppasta | Cryptographic Issues vulnerability in Apppasta Aerospace Jobs 1.399 The Aerospace Jobs (aka com.app_aerospacejobs.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6769 | Mobilesoft | Cryptographic Issues vulnerability in Mobilesoft Meteo Belgique 3.2 The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6768 | Anywhere Anytime Yoga Workout Project | Cryptographic Issues vulnerability in Anywhere Anytime Yoga Workout Project Anywhere Anytime Yoga Workout 1 The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6767 | Denki | Cryptographic Issues vulnerability in Denki Juggle! Free 3.0.0 The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6766 | Afro Beat Project | Cryptographic Issues vulnerability in Afro-Beat Project Afro-Beat 0.2 The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6765 | Mibizapps | Cryptographic Issues vulnerability in Mibizapps NO Fuss Home Loans 1.0035.B0035 The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application 1.0035.b0035 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6764 | Assyrianapp | Cryptographic Issues vulnerability in Assyrianapp Assyrian 2.2 The Assyrian (aka com.b2.assyrian.activity) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6763 | Secondfiction | Cryptographic Issues vulnerability in Secondfiction Codename Birdgame 1 The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6762 | Bongomovie Project | Cryptographic Issues vulnerability in Bongomovie Project Bongomovie 1 The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6761 | Pimpstore | Cryptographic Issues vulnerability in Pimpstore Aprende A Meditar 1 The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6760 | Haremthief | Cryptographic Issues vulnerability in Haremthief Harem Thief Dating 1.2.1 The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6759 | Downton Abbey FAN Portal Project | Cryptographic Issues vulnerability in Downton Abbey FAN Portal Project Downton Abbey FAN Portal 1 The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6758 | Mgsasia | Cryptographic Issues vulnerability in Mgsasia QIN Story 1 The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6757 | Allqoranvideos | Cryptographic Issues vulnerability in Allqoranvideos Koran - Alqoranvideos 1 The Koran - AlqoranVideos (aka com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6756 | Biais | Cryptographic Issues vulnerability in Biais Reddit AWW 1.2.1 The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6755 | Shiftdelete | Cryptographic Issues vulnerability in Shiftdelete SDN Forum 3.6.5 The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6754 | Vector | Cryptographic Issues vulnerability in Vector Outage Manager 1.7 The Vector Outage Manager (aka nz.co.vector.outagemanager) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6753 | Halanew | Cryptographic Issues vulnerability in Halanew Sunnat E Rasool 2 The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6752 | Mindless Behavior FAN Base Project | Cryptographic Issues vulnerability in Mindless Behavior FAN Base Project Mindless Behavior FAN Base 1 The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6751 | Grasshopper | Cryptographic Issues vulnerability in Grasshopper Beta 2.1 The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6750 | 0 99 Kindle Books Project | Cryptographic Issues vulnerability in $0.99 Kindle Books Project $0.99 Kindle Books 6 The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6749 | Ananursespace | Cryptographic Issues vulnerability in Ananursespace American Nurses Association 1.0.0 The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-28 | CVE-2014-6748 | Gemaire | Cryptographic Issues vulnerability in Gemaire Gemaire'S Hvac Assist 5 The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6747 | Seeon | Cryptographic Issues vulnerability in Seeon 4.0.7 The SeeOn (aka com.seeon) application 4.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6746 | Infinitiusa | Cryptographic Issues vulnerability in Infinitiusa Infiniti Roadside Assistance 1.1 The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6745 | Sosocome | Cryptographic Issues vulnerability in Sosocome Family Location 3.4 The Family Location (aka com.sosocome.family) application 3.4 2014-5-20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6744 | AL Ahsa News Project | Cryptographic Issues vulnerability in Al-Ahsa News Project Al-Ahsa News 2 The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6743 | Lipbrau | Cryptographic Issues vulnerability in Lipbrau Hearsay: A Social Party Game 1.7.000 The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6742 | ALL Around Cyprus Project | Cryptographic Issues vulnerability in ALL Around Cyprus Project ALL Around Cyprus 2.11 The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6741 | Tribunenews365 | Cryptographic Issues vulnerability in Tribunenews365 John Macarthur 1.0.26 The John MacArthur (aka com.john.macarthur) application 1.0.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6740 | Xdforum | Cryptographic Issues vulnerability in Xdforum XD Forum 3.9.17 The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6739 | Healthways | Cryptographic Issues vulnerability in Healthways Well-Being Connect Mobile 2.9 The Well-Being Connect Mobile (aka com.healthways.wellbeinggo) application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6738 | Joungouapps | Cryptographic Issues vulnerability in Joungouapps Maccabi TEL Aviv 1 The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6737 | Ultimate Target Armored Sniper Project | Cryptographic Issues vulnerability in Ultimate Target-Armored Sniper Project Ultimate Target-Armored Sniper 1.0.1 The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6736 | 9Jacompass | Cryptographic Issues vulnerability in 9Jacompass EPL HAT Trick 1 The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6735 | Bmobile | Cryptographic Issues vulnerability in Bmobile Imagine Next Bmobile 1.7.10.243 The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-27 | CVE-2014-6734 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Wine Making 3.7.15 The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6733 | T Mobile | Cryptographic Issues vulnerability in T-Mobile MY T-Mobile @7F0C0030 The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6732 | Westpac | Cryptographic Issues vulnerability in Westpac Mobile Banking 5.21 The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6731 | Alfabank | Cryptographic Issues vulnerability in Alfabank Alfa-Bank 5.5.1.1 The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6730 | Melodigram | Cryptographic Issues vulnerability in Melodigram 1.1 The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6729 | Grillingwithrich | Cryptographic Issues vulnerability in Grillingwithrich Grilling With Rich 1 The Grilling with Rich (aka com.grilling.with.rich) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6728 | Mythinkpal | Cryptographic Issues vulnerability in Mythinkpal Thinkpal 1.6.3 The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6727 | Automon | Cryptographic Issues vulnerability in Automon Mikeius 1.4.2.0 The Mikeius (Official App) (aka com.automon.mikeius) application 1.4.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6726 | 30A | Cryptographic Issues vulnerability in 30A 5.26.2 The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6725 | Apprenticeuitgevers | Cryptographic Issues vulnerability in Apprenticeuitgevers Schoolxm 1.2 The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6724 | Soapmakingforum | Cryptographic Issues vulnerability in Soapmakingforum Soap Making 3.7.13 The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6723 | Comicsplusapp | Cryptographic Issues vulnerability in Comicsplusapp Comics Plus 1.06 The Comics Plus (aka com.iversecomics.comicsplus.android) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6722 | Clearfishing | Cryptographic Issues vulnerability in Clearfishing Pescuit Crap Lite 1 The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6721 | Pharmaguideline | Cryptographic Issues vulnerability in Pharmaguideline 1.2.0 The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6720 | Clearfishing | Cryptographic Issues vulnerability in Clearfishing Pesca DE Carpa Lite 1.0 The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-26 | CVE-2014-6719 | Rapidmedia | Cryptographic Issues vulnerability in Rapidmedia Kayak Angler Magazine 3.12.0 The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6718 | Mymobileday1 | Cryptographic Issues vulnerability in Mymobileday1 MY Mobile DAY 1.3 The My Mobile Day (aka com.mymobileday) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6717 | Itriagehealth | Cryptographic Issues vulnerability in Itriagehealth Itriage Health 5.29 The iTriage Health (aka com.healthagen.iTriage) application 5.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6716 | Fastin Project | Cryptographic Issues vulnerability in Fastin Project Fastin 1 The fastin (aka moda.azyae.fastin.net) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6715 | Popoinnovation | Cryptographic Issues vulnerability in Popoinnovation Slotmachine 1.03 The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6714 | Webmd | Cryptographic Issues vulnerability in Webmd 3.5 The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6713 | Medquiz | Cryptographic Issues vulnerability in Medquiz: Medical Chat and Mcqs Project Medquiz: Medical Chat and Mcqs 1.5 The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6712 | Iata | Cryptographic Issues vulnerability in Iata Airlines International 1 The Airlines International (aka org.iata.IAMagazine) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6711 | Nobexrc | Cryptographic Issues vulnerability in Nobexrc ABC Lounge Webradio 3.3.10 The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6710 | Chifro | Cryptographic Issues vulnerability in Chifro Kids Coloring Game 1.6 The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6709 | Techradar News Project | Cryptographic Issues vulnerability in Techradar News Project Techradar News 1 The TechRadar News (aka com.techradar.news) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6708 | Sportinginnovations | Cryptographic Issues vulnerability in Sportinginnovations Utah Jazz 2.0.0 The Sporting Club Uphoria (aka com.sportinginnovations.skc) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6707 | 7Sage | Cryptographic Issues vulnerability in 7Sage Lsat Prep - Proctor 2.1.1 The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6706 | Erau | Cryptographic Issues vulnerability in Erau Embry-Riddle 1.4.04 The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6705 | Maher Zain Project | Cryptographic Issues vulnerability in Maher Zain Project Maher Zain 1.1 The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6704 | Sportinginnovations | Cryptographic Issues vulnerability in Sportinginnovations Utah Jazz 2.0.0 The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6703 | Phonearabs4 Project | Cryptographic Issues vulnerability in Phonearabs4 Project Phonearabs4 1.4 The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-25 | CVE-2014-6702 | Starsat | Cryptographic Issues vulnerability in Starsat International 1.41.54.9222 The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application 1.41.54.9222 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6701 | Vendormate | Cryptographic Issues vulnerability in Vendormate Mobile 3.0 The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6700 | NBA | Cryptographic Issues vulnerability in NBA Game Time 2013-2014 4.11 The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application 4.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6699 | Weather | Cryptographic Issues vulnerability in Weather Channel 5.2.0 The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6698 | IGG | Cryptographic Issues vulnerability in IGG Galaxy Online 2 1.2.3 The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6697 | Mobilesoft | Cryptographic Issues vulnerability in Mobilesoft Morocco Weather 3.1 The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6696 | Candy Girl Party Makeover Project | Cryptographic Issues vulnerability in Candy Girl Party Makeover Project Candy Girl Party Makeover 1.0.0.0 The Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlparty) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6695 | Wedding Photo Frames Love Pics Project | Cryptographic Issues vulnerability in Wedding Photo Frames-Love Pics Project Wedding Photo Frames-Love Pics 1.0 The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6694 | 5Sos Family Planet Project | Cryptographic Issues vulnerability in 5Sos Family Planet Project 5Sos Family Planet 2.3.4 The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-6693 | Juiker | Cryptographic Issues vulnerability in Juiker 3.2.0829.1 The Juiker (aka org.itri) application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-5323 | Yukoyuko | Cryptographic Issues vulnerability in Yukoyuko Yuko 1.0.5 The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6692 | WPS | Cryptographic Issues vulnerability in WPS Kingsoft Clip (Office Tool) 1.5.1 The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6691 | Ucweb | Cryptographic Issues vulnerability in Ucweb UC Browser HD 3.3.1.469 The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6690 | Insta ME | Cryptographic Issues vulnerability in Insta.Me Instamessage - Instagram Chat 1.6.2 The InstaMessage - Instagram Chat (aka com.futurebits.instamessage.free) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6689 | Jingwei | Cryptographic Issues vulnerability in Jingwei JW Cards 3.8.0 The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6688 | Voices | Cryptographic Issues vulnerability in Voices Voices.Com 1.5 The Voices.com (aka com.voices.voices) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6687 | Wsaudichannelalnas Project | Cryptographic Issues vulnerability in Wsaudichannelalnas Project Wsaudichannelalnas 0.1 The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6686 | Zoho | Cryptographic Issues vulnerability in Zoho Books - Accounting APP 3.1.9 The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6685 | Netjapan | Cryptographic Issues vulnerability in Netjapan Tsushima Travel Guide 1.9 The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6684 | MOL | Cryptographic Issues vulnerability in MOL Bringapont 1.1 The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6683 | Openelectrical | Cryptographic Issues vulnerability in Openelectrical Open Electrical Webser 0.1 The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6682 | W88235Ff7Bdc2Fb574F1789750Ea99Ed6 Project | Cryptographic Issues vulnerability in W88235Ff7Bdc2Fb574F1789750Ea99Ed6 Project W88235Ff7Bdc2Fb574F1789750Ea99Ed6 0.1 The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6681 | Wordbox | Cryptographic Issues vulnerability in Wordbox Mahabharata Audiocast 1.0 The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6680 | Superheroquiz Project | Cryptographic Issues vulnerability in Superheroquiz Project Superheroquiz 1.0 The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6679 | Wepisdparentportal Project | Cryptographic Issues vulnerability in Wepisdparentportal Project Wepisdparentportal 1.0 The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6678 | Wordbox | Cryptographic Issues vulnerability in Wordbox Algeria Radio 2.5 The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6677 | Ticketroundup | Cryptographic Issues vulnerability in Ticketroundup Ticket Round UP 3.0.1 The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6676 | Hdcar | Cryptographic Issues vulnerability in Hdcar Exercitii Pentru Abdomen 1.0 The Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdomen41E29322) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6675 | Rutaexacta | Cryptographic Issues vulnerability in Rutaexacta Ruta Exacta 1.0 The Ruta Exacta (aka com.rutaexacta.m) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6674 | Amazighmusic Project | Cryptographic Issues vulnerability in Amazighmusic Project Amazighmusic 1.0 The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6673 | Zhtiantian | Cryptographic Issues vulnerability in Zhtiantian Challengertx 3.9.12.5 The ChallengerTX (aka com.zhtiantian.ChallengerTX) application 3.9.12.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6672 | Friendcasterapp | Cryptographic Issues vulnerability in Friendcasterapp Friendcaster 5.4.5 The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6671 | Letshare | Cryptographic Issues vulnerability in Letshare World CUP 2014 Brazil - XEM TV 2.6 The World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6670 | Singaporemotherhood | Cryptographic Issues vulnerability in Singaporemotherhood Forum 3.6.6 The SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcomforum) application 3.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6669 | Pocketmags | Cryptographic Issues vulnerability in Pocketmags Inside Crochet @7F08017A The Inside Crochet (aka com.magazinecloner.insidecrochet) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6668 | Nana Project | Cryptographic Issues vulnerability in Nana Project African Radios Live 1.0.6 The African Radios Live (aka com.nana.africanradioslive) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6667 | Racemotocross Project | Cryptographic Issues vulnerability in Racemotocross Project Racemotocross 1.2 The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6666 | Anusthanokarehasya | Cryptographic Issues vulnerability in Anusthanokarehasya Baglamukhi 0.1 The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6665 | Quranedu | Cryptographic Issues vulnerability in Quranedu Ahmed Bukhatir Nasheeds TV 1.0 The Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6664 | Latin Angels Music HD Project | Cryptographic Issues vulnerability in Latin Angels Music HD Project Latin Angels Music HD 2.0 The Latin Angels Music HD (aka com.applizards.lafreetj) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6663 | Addisgag | Cryptographic Issues vulnerability in Addisgag Addis GAG Funny Amharic PIC 0.1 The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6662 | Krstarica | Cryptographic Issues vulnerability in Krstarica Forum Krstarice 3.5.14 The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6661 | 163 | Cryptographic Issues vulnerability in 163 Netease Movie 4.7.2 The netease movie (aka com.netease.movie) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6660 | Blogkamek | Cryptographic Issues vulnerability in Blogkamek Koleksi Hadis Nabi SAW 0.1 The Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6659 | Defence | Cryptographic Issues vulnerability in Defence Defence.Pk 2.4.13.1 The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6658 | Apploi | Cryptographic Issues vulnerability in Apploi JOB Search- Find Jobs 4.19 The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6657 | Alhazai | Cryptographic Issues vulnerability in Alhazai Leadership Newspapers 1.2 The Leadership Newspapers (aka com.LeadershipNewspapers) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6656 | Drar EYM | Cryptographic Issues vulnerability in Drar-Eym Drareym 0.1 The drareym (aka com.drareym) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6655 | Exoticpetnetwork | Cryptographic Issues vulnerability in Exoticpetnetwork Tortoise Forum 3.5.16 The Tortoise Forum (aka org.tortoiseforum.android.forumrunner) application 3.5.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6654 | Wtrootrootvizle Project | Cryptographic Issues vulnerability in Wtrootrootvizle Project Wtrootrootvizle 0.1 The wTrootrooTvIzle (aka com.wTrootrooTvIzle) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6653 | Wordboxapps | Cryptographic Issues vulnerability in Wordboxapps Afghan Radio 2.5 The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6652 | Wizaz | Cryptographic Issues vulnerability in Wizaz Forum 3.6.4 The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6651 | Planetofthevapes | Cryptographic Issues vulnerability in Planetofthevapes Planet of the Vapes Forum 3.7.9 The Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukforums) application 3.7.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6650 | Nextgenupdate | Cryptographic Issues vulnerability in Nextgenupdate 3.1.6 The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application 3.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6649 | Mybroadband | Cryptographic Issues vulnerability in Mybroadband Tapatalk 3.9.22 The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6648 | Iphone4 | Cryptographic Issues vulnerability in Iphone4 Iphone4.Tw 3.3.20 The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6647 | Santiagosarceda | Cryptographic Issues vulnerability in Santiagosarceda Elforro.Com 2.4.3.10 The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-23 | CVE-2014-6646 | Bellyhoodcom Project | Cryptographic Issues vulnerability in Bellyhoodcom Project Bellyhoodcom 3.4.23 The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6645 | Batch | Cryptographic Issues vulnerability in Batch Library The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6643 | Fiatforum | Cryptographic Issues vulnerability in Fiatforum Fiat Forum 3.8.41 The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6642 | Marksdailyapple | Cryptographic Issues vulnerability in Marksdailyapple Mark's Daily Apple Forum 2.9.4.3 The Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application 2.4.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6641 | Gcspublishing | Cryptographic Issues vulnerability in Gcspublishing Homesteading Today 3.7.14 The Homesteading Today (aka com.tapatalk.homesteadingtodaycom) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6640 | DNB | Cryptographic Issues vulnerability in DNB Trade 1.0 The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6639 | Tiomobilepay | Cryptographic Issues vulnerability in Tiomobilepay TIO Mobilepay - Bill Payments 1.1.1 The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6638 | Wtmdesktop Project | Cryptographic Issues vulnerability in Wtmdesktop Project Wtmdesktop 1.0 The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6637 | Praninc | Cryptographic Issues vulnerability in Praninc Facebook Facts 0.1 The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6636 | Rsupport | Cryptographic Issues vulnerability in Rsupport LG Telepresence 2.0.12 The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Build 63 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6023 | S Peek | Cryptographic Issues vulnerability in S-Peek Credit Rating Report 2.1.3 The s-peek credit rating report (aka com.rhomobile.speek) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6022 | Versentbooks | Cryptographic Issues vulnerability in Versentbooks Versent Books 1.1.99 The Versent Books (aka com.versentbooks) application 1.1.99 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6021 | H Dvisa | Cryptographic Issues vulnerability in H-Dvisa Harley-Davidson Visa 1.18 The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6020 | Fuelrewards | Cryptographic Issues vulnerability in Fuelrewards Fuel Rewards Network 1.0 The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6019 | Psychology Project | Cryptographic Issues vulnerability in Psychology Project Psychology 1.0.2 The psychology (aka com.alek.psychology) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6018 | Global Beauty Research Project | Cryptographic Issues vulnerability in Global Beauty Research Project Global Beauty Research 1.6 The global beauty research (aka com.appems.topgirl) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6017 | Lazyer | Cryptographic Issues vulnerability in Lazyer Doodle Drop 1.0 The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6016 | Celluloidapp | Cryptographic Issues vulnerability in Celluloidapp Celluloid 1.3 The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6015 | Tucarro | Cryptographic Issues vulnerability in Tucarro 2.0.5 The TuCarro (aka com.tucarro) application 2.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6014 | Ingen Studios | Cryptographic Issues vulnerability in Ingen-Studios Conquest of Fantasia 1.0.1 The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6013 | Nuphoto | Cryptographic Issues vulnerability in Nuphoto Nusquare 1.0.78 The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6012 | Toddm | Cryptographic Issues vulnerability in Toddm Gravity Bounce 1.1 The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6011 | Formnage | Cryptographic Issues vulnerability in Formnage Cutprice 1.0.4 The cutprice (aka kr.co.wedoit.cutprice) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6010 | Awesomewidgets | Cryptographic Issues vulnerability in Awesomewidgets Rasta Weed Widgets HD 4.0 The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6009 | Zombie Detector Project | Cryptographic Issues vulnerability in Zombie Detector Project Zombie Detector 1.2 The Zombie Detector (aka com.jimmybolstad.zombiedetector) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6008 | Secondfiction | Cryptographic Issues vulnerability in Secondfiction Blitz Bingo 2.3 The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6007 | Likeheroapp | Cryptographic Issues vulnerability in Likeheroapp Likehero GET Instagram Likes 1.0.7 The LikeHero Get Instagram Likes (aka com.fraoula.likehero) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6006 | Gratta Vinci Project | The Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application 0.21.13167.93474 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6005 | Survey COM | Cryptographic Issues vulnerability in Survey.Com Mobile 3.2.16 The Survey.com Mobile (aka com.survey.android) application 3.2.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6004 | Pocket CAM Photo Editor Project | Cryptographic Issues vulnerability in Pocket CAM Photo Editor Project Pocket CAM Photo Editor 3.0 The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6003 | Belasfrasesdeamor | Cryptographic Issues vulnerability in Belasfrasesdeamor Belas Frases DE Amor 1.0 The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6002 | Dteenergy | Cryptographic Issues vulnerability in Dteenergy DTE Energy 3.0.3 The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6001 | Gewara | Cryptographic Issues vulnerability in Gewara 5.2.3 The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-6000 | Freshdirect | Cryptographic Issues vulnerability in Freshdirect 2.7.1 The FreshDirect (aka com.freshdirect.android) application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5999 | Telenavsoftware | Cryptographic Issues vulnerability in Telenavsoftware Autonavi 4.6.1 The autonavi (aka com.telenav.doudouyou.android.autonavi) application 4.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5998 | Skydrive Assistant Project | Cryptographic Issues vulnerability in Skydrive Assistant Project Skydrive Assistant 2.1 The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5997 | Autotrader CO ZA | Cryptographic Issues vulnerability in Autotrader.Co.Za Auto Trader 2.0 The Auto Trader (aka za.co.autotrader.android.app) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5996 | Gebrauchtwagenreport | Cryptographic Issues vulnerability in Gebrauchtwagenreport Dekra Used CAR Report 3.0.0 The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5995 | Ericpol | Cryptographic Issues vulnerability in Ericpol Ewus Mobile 1.4.5 The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5994 | Ding | Cryptographic Issues vulnerability in Ding Ezetop. Top-Up ANY Phone 1.3.4 The ding* ezetop. | 5.4 |
2014-09-22 | CVE-2014-5993 | Preplaysports | Cryptographic Issues vulnerability in Preplaysports MLB Preplay 5.4.2 The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5992 | Successsecrets Project | Cryptographic Issues vulnerability in Successsecrets Project Successsecrets 1.2.3 The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5991 | Skin Conditions AND Diseases Project | Cryptographic Issues vulnerability in Skin Conditions and Diseases Project Skin Conditions and Diseases 2.1 The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5984 | Playcomo | Cryptographic Issues vulnerability in Playcomo Little Dragons 1.0.256 The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5983 | Threadflip | Cryptographic Issues vulnerability in Threadflip BUY Sell Fashion 1.1.11 The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5982 | Runkeeper | Cryptographic Issues vulnerability in Runkeeper - GPS Track RUN Walk 4.7 The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5971 | Fiksu | Cryptographic Issues vulnerability in Fiksu Library The Fiksu library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5809 | Geniuscloud | Cryptographic Issues vulnerability in Geniuscloud Smart Browser 2.0 The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-22 | CVE-2014-5665 | Mr384 | Cryptographic Issues vulnerability in Mr384 Mzone Login 1.2.0 The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-09-24 | CVE-2014-3380 | Cisco | Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager Platform 4.4(.3) Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063. | 5.0 |
2014-09-23 | CVE-2014-3106 | IBM | Improper Authentication vulnerability in IBM Rational Clearcase IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature. | 5.0 |
2014-09-23 | CVE-2014-3105 | IBM | Information Exposure vulnerability in IBM Rational Clearcase The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests. | 5.0 |
2014-09-23 | CVE-2014-3104 | IBM | Resource Management Errors vulnerability in IBM Rational Clearcase IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2014-09-23 | CVE-2014-3103 | IBM | Information Exposure vulnerability in IBM Rational Clearcase The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0 |
2014-09-23 | CVE-2014-3101 | IBM | Improper Authentication vulnerability in IBM Rational Clearcase The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack. | 5.0 |
2014-09-23 | CVE-2014-3090 | IBM | XML Entity Expansion Denial of Service vulnerability in IBM Rational ClearCase IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | 5.0 |
2014-09-22 | CVE-2014-5320 | Bump Project | Information Exposure vulnerability in Bump Project Bump The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. | 5.0 |
2014-09-28 | CVE-2014-2639 | HP | Code Injection vulnerability in HP Mpio Device Specific Module Manager 4.01.00 Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. | 4.6 |
2014-09-26 | CVE-2014-7152 | Mailchimp | Cross-Site Scripting vulnerability in Mailchimp Easy Mailchimp Forms Plugin Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php. | 4.3 |
2014-09-26 | CVE-2014-6445 | Contactus | Cross-Site Scripting vulnerability in Contactus Contact Form 7 Integrations Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter. | 4.3 |
2014-09-26 | CVE-2014-4958 | Telerik | Cross-Site Scripting vulnerability in Telerik Asp.Net Ajax Radeditor Control 2009.3.1208.20/2014.1.403.35 Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes. | 4.3 |
2014-09-26 | CVE-2014-5315 | Adobe | Cross-Site Scripting vulnerability in Adobe Acrobat and Coldfusion Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-22 | CVE-2014-3595 | Redhat Suse | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging. | 4.3 |
2014-09-22 | CVE-2012-5700 | Babygekko | Cross-Site Scripting vulnerability in Babygekko Baby Gekko Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. | 4.3 |
2014-09-22 | CVE-2014-5322 | Filemaker | Cross-Site Scripting vulnerability in Filemaker PRO and Filemaker PRO Advanced Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-22 | CVE-2014-5316 | Dotclear | Cross-Site Scripting vulnerability in Dotclear Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page. | 4.3 |
3 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2014-09-27 | CVE-2014-5459 | PHP Oracle Opensuse | Link Following vulnerability in multiple products The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions. | 3.6 |
2014-09-23 | CVE-2014-4770 | IBM | Cross-Site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2014-09-23 | CVE-2014-6091 | IBM | Cross-Site Scripting vulnerability in IBM Curam Social Program Management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |