Weekly Vulnerabilities Report: September 22 to 28, 2014

Overview

242 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary reports vulnerabilities in 270 products from 201 vendors, including Linux, IBM, Cisco, GNU, and Opensuse. Notable vulnerability categories include "Cryptographic Issues", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Resource Management Errors", and "OS Command Injection".

  • 47 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities have a public exploit available.
  • 20 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 237 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 15 reported vulnerabilities.
  • GNU has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-28 CVE-2014-7187 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Bash

Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nested for loops, aka the "word_lineno" issue.

10.0
2014-09-28 CVE-2014-7186 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Bash

The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here documents, aka the "redir_stack" issue.

10.0
2014-09-27 CVE-2014-6277 GNU OS Command Injection vulnerability in GNU Bash

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

10.0
2014-09-25 CVE-2014-7169 GNU OS Command Injection vulnerability in GNU Bash

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

10.0
2014-09-24 CVE-2014-6271 GNU OS Command Injection vulnerability in GNU Bash

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

10.0
2014-09-23 CVE-2014-4752 IBM Unspecified vulnerability in IBM products

IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.

10.0
2014-09-27 CVE-2014-3062 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.1.0/7.2.0

Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors.

9.3

18 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-28 CVE-2014-3535 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) by sending invalid packets to a VxLAN interface.

7.8
2014-09-28 CVE-2014-7145 Redhat, Linux, Canonical Resource Management Errors vulnerability in multiple products

The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly have unspecified other impact by deleting the IPC$ share during resolution of DFS referrals.

7.8
2014-09-28 CVE-2014-6417 Linux Resource Management Errors vulnerability in Linux Kernel

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.

7.8
2014-09-28 CVE-2014-6416 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have unspecified other impact via a long unencrypted auth ticket.

7.8
2014-09-25 CVE-2014-3360 Cisco OS Command Injection vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allow remote attackers to cause a denial of service (device reload) via a crafted SIP message, aka Bug ID CSCul46586.

7.8
2014-09-25 CVE-2014-3359 Cisco Resource Management Errors vulnerability in Cisco IOS and IOS XE

Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081.

7.8
2014-09-25 CVE-2014-3358 Cisco OS Command Injection vulnerability in Cisco IOS and IOS XE

Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950.

7.8
2014-09-25 CVE-2014-3357 Cisco OS Command Injection vulnerability in Cisco IOS and IOS XE

Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866.

7.8
2014-09-25 CVE-2014-3356 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XE

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCue22753.

7.8
2014-09-25 CVE-2014-3355 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS XE

The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE 3.3.xXO before 3.3.1XO, 3.6.xS and 3.7.xS before 3.7.6S, and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allows remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCug75942.

7.8
2014-09-25 CVE-2014-3354 Cisco Improper Input Validation vulnerability in Cisco IOS and IOS XE

Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x and 3.x before 3.7.4S; 3.2.xSE and 3.3.xSE before 3.3.2SE; 3.3.xSG and 3.4.xSG before 3.4.4SG; and 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S allow remote attackers to cause a denial of service (device reload) via malformed RSVP packets, aka Bug ID CSCui11547.

7.8
2014-09-26 CVE-2014-6446 Infusionsoft Gravity Forms Project Code Injection vulnerability in Infusionsoft Gravity Forms Project Infusionsoft Gravity Forms

The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.

7.5
2014-09-25 CVE-2014-1568 Google, Apple, Microsoft, Mozilla Cryptographic Issues vulnerability in Google Chrome

Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue.

7.5
2014-09-28 CVE-2014-3631 Linux Local Denial of Service vulnerability in Linux Kernel

The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation.

7.2
2014-09-22 CVE-2014-0484 Canonical Permissions, Privileges, and Access Controls vulnerability in Canonical Acpi-Support 0.140

The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

7.2
2014-09-22 CVE-2014-2942 Cobham Credentials Management vulnerability in Cobham Aviator 700D and Aviator 700E

Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

7.2
2014-09-28 CVE-2014-6418 Linux Resource Management Errors vulnerability in Linux Kernel

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor.

7.1
2014-09-25 CVE-2014-3361 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IOS

The ALG module in Cisco IOS 15.0 through 15.4 does not properly implement SIP over NAT, which allows remote attackers to cause a denial of service (device reload) via multipart SDP IPv4 traffic, aka Bug ID CSCun54071.

7.1

211 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-28 CVE-2014-0205 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that triggers a zero count.

6.9
2014-09-28 CVE-2014-3186 Linux, Google Buffer Errors vulnerability in Linux Kernel

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.

6.9
2014-09-28 CVE-2014-3185 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.

6.9
2014-09-28 CVE-2014-3183 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report.

6.9
2014-09-28 CVE-2014-3182 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.

6.9
2014-09-28 CVE-2014-3181 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.

6.9
2014-09-23 CVE-2014-4973 Eset Improper Input Validation vulnerability in Eset Endpoint Security and Smart Security

The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the Firewall Module Build 1183 (20140214) and earlier in ESET Smart Security and ESET Endpoint Security products 5.0 through 7.0 allows local users to gain privileges via a crafted argument to a 0x830020CC IOCTL call.

6.9
2014-09-22 CVE-2014-6602 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Nokia Asha 501 and Nokia Asha 501 Software

Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.

6.6
2014-09-26 CVE-2014-5324 Najeebmedia Code Injection vulnerability in Najeebmedia N-Media File Uploader 3.0/3.1/3.2

Unrestricted file upload vulnerability in the N-Media file uploader plugin before 3.4 for WordPress allows remote authenticated users to execute arbitrary PHP code by leveraging Author privileges to store a file.

6.5
2014-09-22 CVE-2014-7153 Huge IT SQL Injection vulnerability in Huge-It Image Gallery 1.0.1

SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.

6.5
2014-09-26 CVE-2014-5319 S Link Path Traversal vulnerability in S-Link Slfilemanager

Directory traversal vulnerability in the S-Link SLFileManager application 1.2.5 and earlier for Android allows remote attackers to write to files via unspecified vectors.

6.4
2014-09-23 CVE-2014-4816 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server

Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.0
2014-09-26 CVE-2014-5318 JIG Permissions, Privileges, and Access Controls vulnerability in JIG Jigbrowser+ 1.8.0

The jigbrowser+ application 1.8.1 and earlier for iOS allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

5.8
2014-09-23 CVE-2014-5392 SOS XML External Entity Injection vulnerability in JobScheduler

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

5.8
2014-09-22 CVE-2014-5321 Filemaker Cryptographic Issues vulnerability in Filemaker PRO and Filemaker PRO Advanced

FileMaker Pro before 13 and Pro Advanced before 13 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.8
2014-09-28 CVE-2014-6771 Uhcu Cryptographic Issues vulnerability in Uhcu United Heritage Mobile 1.1

The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6770 Apppasta Cryptographic Issues vulnerability in Apppasta Aerospace Jobs 1.399

The Aerospace Jobs (aka com.app_aerospacejobs.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6769 Mobilesoft Cryptographic Issues vulnerability in Mobilesoft Meteo Belgique 3.2

The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6768 Anywhere Anytime Yoga Workout Project Cryptographic Issues vulnerability in Anywhere Anytime Yoga Workout Project Anywhere Anytime Yoga Workout 1

The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6767 Denki Cryptographic Issues vulnerability in Denki Juggle! Free 3.0.0

The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6766 Afro Beat Project Cryptographic Issues vulnerability in Afro-Beat Project Afro-Beat 0.2

The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6765 Mibizapps Cryptographic Issues vulnerability in Mibizapps NO Fuss Home Loans 1.0035.B0035

The No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application 1.0035.b0035 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6764 Assyrianapp Cryptographic Issues vulnerability in Assyrianapp Assyrian 2.2

The Assyrian (aka com.b2.assyrian.activity) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6763 Secondfiction Cryptographic Issues vulnerability in Secondfiction Codename Birdgame 1

The Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6762 Bongomovie Project Cryptographic Issues vulnerability in Bongomovie Project Bongomovie 1

The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6761 Pimpstore Cryptographic Issues vulnerability in Pimpstore Aprende A Meditar 1

The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6760 Haremthief Cryptographic Issues vulnerability in Haremthief Harem Thief Dating 1.2.1

The Harem Thief Dating (aka com.haremthief.haremthief) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6759 Downton Abbey FAN Portal Project Cryptographic Issues vulnerability in Downton Abbey FAN Portal Project Downton Abbey FAN Portal 1

The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6758 Mgsasia Cryptographic Issues vulnerability in Mgsasia QIN Story 1

The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application 1.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6757 Allqoranvideos Cryptographic Issues vulnerability in Allqoranvideos Koran - Alqoranvideos 1

The Koran - AlqoranVideos (aka com.alqoran.videos.example) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6756 Biais Cryptographic Issues vulnerability in Biais Reddit AWW 1.2.1

The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6755 Shiftdelete Cryptographic Issues vulnerability in Shiftdelete SDN Forum 3.6.5

The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application 3.6.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6754 Vector Cryptographic Issues vulnerability in Vector Outage Manager 1.7

The Vector Outage Manager (aka nz.co.vector.outagemanager) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6753 Halanew Cryptographic Issues vulnerability in Halanew Sunnat E Rasool 2

The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6752 Mindless Behavior FAN Base Project Cryptographic Issues vulnerability in Mindless Behavior FAN Base Project Mindless Behavior FAN Base 1

The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6751 Grasshopper Cryptographic Issues vulnerability in Grasshopper Beta 2.1

The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6750 0 99 Kindle Books Project Cryptographic Issues vulnerability in $0.99 Kindle Books Project $0.99 Kindle Books 6

The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6749 Ananursespace Cryptographic Issues vulnerability in Ananursespace American Nurses Association 1.0.0

The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-28 CVE-2014-6748 Gemaire Cryptographic Issues vulnerability in Gemaire Gemaire'S Hvac Assist 5

The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6747 Seeon Cryptographic Issues vulnerability in Seeon 4.0.7

The SeeOn (aka com.seeon) application 4.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6746 Infinitiusa Cryptographic Issues vulnerability in Infinitiusa Infiniti Roadside Assistance 1.1

The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6745 Sosocome Cryptographic Issues vulnerability in Sosocome Family Location 3.4

The Family Location (aka com.sosocome.family) application 3.4 2014-5-20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6744 AL Ahsa News Project Cryptographic Issues vulnerability in Al-Ahsa News Project Al-Ahsa News 2

The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6743 Lipbrau Cryptographic Issues vulnerability in Lipbrau Hearsay: A Social Party Game 1.7.000

The Hearsay: A Social Party Game (aka air.com.lip.per) application 1.7.000 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6742 ALL Around Cyprus Project Cryptographic Issues vulnerability in ALL Around Cyprus Project ALL Around Cyprus 2.11

The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6741 Tribunenews365 Cryptographic Issues vulnerability in Tribunenews365 John Macarthur 1.0.26

The John MacArthur (aka com.john.macarthur) application 1.0.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6740 Xdforum Cryptographic Issues vulnerability in Xdforum XD Forum 3.9.17

The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6739 Healthways Cryptographic Issues vulnerability in Healthways Well-Being Connect Mobile 2.9

The Well-Being Connect Mobile (aka com.healthways.wellbeinggo) application 2.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6738 Joungouapps Cryptographic Issues vulnerability in Joungouapps Maccabi TEL Aviv 1

The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6737 Ultimate Target Armored Sniper Project Cryptographic Issues vulnerability in Ultimate Target-Armored Sniper Project Ultimate Target-Armored Sniper 1.0.1

The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6736 9Jacompass Cryptographic Issues vulnerability in 9Jacompass EPL HAT Trick 1

The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6735 Bmobile Cryptographic Issues vulnerability in Bmobile Imagine Next Bmobile 1.7.10.243

The imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application 1.7.10.243 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-27 CVE-2014-6734 Gcspublishing Cryptographic Issues vulnerability in Gcspublishing Wine Making 3.7.15

The Wine Making (aka com.gcspublishing.winemakingtalk) application 3.7.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6733 T Mobile Cryptographic Issues vulnerability in T-Mobile MY T-Mobile @7F0C0030

The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6732 Westpac Cryptographic Issues vulnerability in Westpac Mobile Banking 5.21

The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6731 Alfabank Cryptographic Issues vulnerability in Alfabank Alfa-Bank 5.5.1.1

The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6730 Melodigram Cryptographic Issues vulnerability in Melodigram 1.1

The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6729 Grillingwithrich Cryptographic Issues vulnerability in Grillingwithrich Grilling With Rich 1

The Grilling with Rich (aka com.grilling.with.rich) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6728 Mythinkpal Cryptographic Issues vulnerability in Mythinkpal Thinkpal 1.6.3

The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6727 Automon Cryptographic Issues vulnerability in Automon Mikeius 1.4.2.0

The Mikeius (Official App) (aka com.automon.mikeius) application 1.4.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6726 30A Cryptographic Issues vulnerability in 30A 5.26.2

The 30A (aka com.app30a) application 5.26.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6725 Apprenticeuitgevers Cryptographic Issues vulnerability in Apprenticeuitgevers Schoolxm 1.2

The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6724 Soapmakingforum Cryptographic Issues vulnerability in Soapmakingforum Soap Making 3.7.13

The Soap Making (aka com.tapatalk.soapmakingforumcom) application 3.7.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6723 Comicsplusapp Cryptographic Issues vulnerability in Comicsplusapp Comics Plus 1.06

The Comics Plus (aka com.iversecomics.comicsplus.android) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6722 Clearfishing Cryptographic Issues vulnerability in Clearfishing Pescuit Crap Lite 1

The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6721 Pharmaguideline Cryptographic Issues vulnerability in Pharmaguideline 1.2.0

The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6720 Clearfishing Cryptographic Issues vulnerability in Clearfishing Pesca DE Carpa Lite 1.0

The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-26 CVE-2014-6719 Rapidmedia Cryptographic Issues vulnerability in Rapidmedia Kayak Angler Magazine 3.12.0

The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application 3.12.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6718 Mymobileday1 Cryptographic Issues vulnerability in Mymobileday1 MY Mobile DAY 1.3

The My Mobile Day (aka com.mymobileday) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6717 Itriagehealth Cryptographic Issues vulnerability in Itriagehealth Itriage Health 5.29

The iTriage Health (aka com.healthagen.iTriage) application 5.29 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6716 Fastin Project Cryptographic Issues vulnerability in Fastin Project Fastin 1

The fastin (aka moda.azyae.fastin.net) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6715 Popoinnovation Cryptographic Issues vulnerability in Popoinnovation Slotmachine 1.03

The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6714 Webmd Cryptographic Issues vulnerability in Webmd 3.5

The WebMD (aka com.webmd.android) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6713 Medquiz Cryptographic Issues vulnerability in Medquiz: Medical Chat and Mcqs Project Medquiz: Medical Chat and Mcqs 1.5

The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6712 Iata Cryptographic Issues vulnerability in Iata Airlines International 1

The Airlines International (aka org.iata.IAMagazine) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6711 Nobexrc Cryptographic Issues vulnerability in Nobexrc ABC Lounge Webradio 3.3.10

The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6710 Chifro Cryptographic Issues vulnerability in Chifro Kids Coloring Game 1.6

The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6709 Techradar News Project Cryptographic Issues vulnerability in Techradar News Project Techradar News 1

The TechRadar News (aka com.techradar.news) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6708 Sportinginnovations Cryptographic Issues vulnerability in Sportinginnovations Utah Jazz 2.0.0

The Sporting Club Uphoria (aka com.sportinginnovations.skc) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6707 7Sage Cryptographic Issues vulnerability in 7Sage Lsat Prep - Proctor 2.1.1

The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6706 Erau Cryptographic Issues vulnerability in Erau Embry-Riddle 1.4.04

The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6705 Maher Zain Project Cryptographic Issues vulnerability in Maher Zain Project Maher Zain 1.1

The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6704 Sportinginnovations Cryptographic Issues vulnerability in Sportinginnovations Utah Jazz 2.0.0

The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6703 Phonearabs4 Project Cryptographic Issues vulnerability in Phonearabs4 Project Phonearabs4 1.4

The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-25 CVE-2014-6702 Starsat Cryptographic Issues vulnerability in Starsat International 1.41.54.9222

The StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application 1.41.54.9222 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6701 Vendormate Cryptographic Issues vulnerability in Vendormate Mobile 3.0

The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6700 NBA Cryptographic Issues vulnerability in NBA Game Time 2013-2014 4.11

The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application 4.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6699 Weather Cryptographic Issues vulnerability in Weather Channel 5.2.0

The Weather Channel (aka com.weather.Weather) application 5.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6698 IGG Cryptographic Issues vulnerability in IGG Galaxy Online 2 1.2.3

The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6697 Mobilesoft Cryptographic Issues vulnerability in Mobilesoft Morocco Weather 3.1

The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6696 Candy Girl Party Makeover Project Cryptographic Issues vulnerability in Candy Girl Party Makeover Project Candy Girl Party Makeover 1.0.0.0

The Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlparty) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6695 Wedding Photo Frames Love Pics Project Cryptographic Issues vulnerability in Wedding Photo Frames-Love Pics Project Wedding Photo Frames-Love Pics 1.0

The Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6694 5Sos Family Planet Project Cryptographic Issues vulnerability in 5Sos Family Planet Project 5Sos Family Planet 2.3.4

The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-6693 Juiker Cryptographic Issues vulnerability in Juiker 3.2.0829.1

The Juiker (aka org.itri) application 3.2.0829.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-5323 Yukoyuko Cryptographic Issues vulnerability in Yukoyuko Yuko 1.0.5

The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application 1.0.5 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6692 WPS Cryptographic Issues vulnerability in WPS Kingsoft Clip (Office Tool) 1.5.1

The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6691 Ucweb Cryptographic Issues vulnerability in Ucweb UC Browser HD 3.3.1.469

The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6690 Insta ME Cryptographic Issues vulnerability in Insta.Me Instamessage - Instagram Chat 1.6.2

The InstaMessage - Instagram Chat (aka com.futurebits.instamessage.free) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6689 Jingwei Cryptographic Issues vulnerability in Jingwei JW Cards 3.8.0

The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6688 Voices Cryptographic Issues vulnerability in Voices Voices.Com 1.5

The Voices.com (aka com.voices.voices) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6687 Wsaudichannelalnas Project Cryptographic Issues vulnerability in Wsaudichannelalnas Project Wsaudichannelalnas 0.1

The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6686 Zoho Cryptographic Issues vulnerability in Zoho Books - Accounting APP 3.1.9

The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6685 Netjapan Cryptographic Issues vulnerability in Netjapan Tsushima Travel Guide 1.9

The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6684 MOL Cryptographic Issues vulnerability in MOL Bringapont 1.1

The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6683 Openelectrical Cryptographic Issues vulnerability in Openelectrical Open Electrical Webser 0.1

The Open Electrical Webser (aka com.wOpenElectricalWeb) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6682 W88235Ff7Bdc2Fb574F1789750Ea99Ed6 Project Cryptographic Issues vulnerability in W88235Ff7Bdc2Fb574F1789750Ea99Ed6 Project W88235Ff7Bdc2Fb574F1789750Ea99Ed6 0.1

The w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6681 Wordbox Cryptographic Issues vulnerability in Wordbox Mahabharata Audiocast 1.0

The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6680 Superheroquiz Project Cryptographic Issues vulnerability in Superheroquiz Project Superheroquiz 1.0

The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6679 Wepisdparentportal Project Cryptographic Issues vulnerability in Wepisdparentportal Project Wepisdparentportal 1.0

The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6678 Wordbox Cryptographic Issues vulnerability in Wordbox Algeria Radio 2.5

The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6677 Ticketroundup Cryptographic Issues vulnerability in Ticketroundup Ticket Round UP 3.0.1

The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6676 Hdcar Cryptographic Issues vulnerability in Hdcar Exercitii Pentru Abdomen 1.0

The Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdomen41E29322) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6675 Rutaexacta Cryptographic Issues vulnerability in Rutaexacta Ruta Exacta 1.0

The Ruta Exacta (aka com.rutaexacta.m) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6674 Amazighmusic Project Cryptographic Issues vulnerability in Amazighmusic Project Amazighmusic 1.0

The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6673 Zhtiantian Cryptographic Issues vulnerability in Zhtiantian Challengertx 3.9.12.5

The ChallengerTX (aka com.zhtiantian.ChallengerTX) application 3.9.12.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6672 Friendcasterapp Cryptographic Issues vulnerability in Friendcasterapp Friendcaster 5.4.5

The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6671 Letshare Cryptographic Issues vulnerability in Letshare World CUP 2014 Brazil - XEM TV 2.6

The World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) application 2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6670 Singaporemotherhood Cryptographic Issues vulnerability in Singaporemotherhood Forum 3.6.6

The SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcomforum) application 3.6.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6669 Pocketmags Cryptographic Issues vulnerability in Pocketmags Inside Crochet @7F08017A

The Inside Crochet (aka com.magazinecloner.insidecrochet) application @7F08017A for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6668 Nana Project Cryptographic Issues vulnerability in Nana Project African Radios Live 1.0.6

The African Radios Live (aka com.nana.africanradioslive) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6667 Racemotocross Project Cryptographic Issues vulnerability in Racemotocross Project Racemotocross 1.2

The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6666 Anusthanokarehasya Cryptographic Issues vulnerability in Anusthanokarehasya Baglamukhi 0.1

The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6665 Quranedu Cryptographic Issues vulnerability in Quranedu Ahmed Bukhatir Nasheeds TV 1.0

The Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6664 Latin Angels Music HD Project Cryptographic Issues vulnerability in Latin Angels Music HD Project Latin Angels Music HD 2.0

The Latin Angels Music HD (aka com.applizards.lafreetj) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6663 Addisgag Cryptographic Issues vulnerability in Addisgag Addis GAG Funny Amharic PIC 0.1

The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6662 Krstarica Cryptographic Issues vulnerability in Krstarica Forum Krstarice 3.5.14

The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application 3.5.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6661 163 Cryptographic Issues vulnerability in 163 Netease Movie 4.7.2

The netease movie (aka com.netease.movie) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6660 Blogkamek Cryptographic Issues vulnerability in Blogkamek Koleksi Hadis Nabi SAW 0.1

The Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6659 Defence Cryptographic Issues vulnerability in Defence Defence.Pk 2.4.13.1

The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6658 Apploi Cryptographic Issues vulnerability in Apploi JOB Search- Find Jobs 4.19

The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6657 Alhazai Cryptographic Issues vulnerability in Alhazai Leadership Newspapers 1.2

The Leadership Newspapers (aka com.LeadershipNewspapers) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6656 Drar EYM Cryptographic Issues vulnerability in Drar-Eym Drareym 0.1

The drareym (aka com.drareym) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6655 Exoticpetnetwork Cryptographic Issues vulnerability in Exoticpetnetwork Tortoise Forum 3.5.16

The Tortoise Forum (aka org.tortoiseforum.android.forumrunner) application 3.5.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6654 Wtrootrootvizle Project Cryptographic Issues vulnerability in Wtrootrootvizle Project Wtrootrootvizle 0.1

The wTrootrooTvIzle (aka com.wTrootrooTvIzle) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6653 Wordboxapps Cryptographic Issues vulnerability in Wordboxapps Afghan Radio 2.5

The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6652 Wizaz Cryptographic Issues vulnerability in Wizaz Forum 3.6.4

The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6651 Planetofthevapes Cryptographic Issues vulnerability in Planetofthevapes Planet of the Vapes Forum 3.7.9

The Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukforums) application 3.7.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6650 Nextgenupdate Cryptographic Issues vulnerability in Nextgenupdate 3.1.6

The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application 3.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6649 Mybroadband Cryptographic Issues vulnerability in Mybroadband Tapatalk 3.9.22

The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application 3.9.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6648 Iphone4 Cryptographic Issues vulnerability in Iphone4 Iphone4.Tw 3.3.20

The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6647 Santiagosarceda Cryptographic Issues vulnerability in Santiagosarceda Elforro.Com 2.4.3.10

The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-23 CVE-2014-6646 Bellyhoodcom Project Cryptographic Issues vulnerability in Bellyhoodcom Project Bellyhoodcom 3.4.23

The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6645 Batch Cryptographic Issues vulnerability in Batch Library

The Batch library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6643 Fiatforum Cryptographic Issues vulnerability in Fiatforum Fiat Forum 3.8.41

The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6642 Marksdailyapple Cryptographic Issues vulnerability in Marksdailyapple Mark'S Daily Apple Forum 2.9.4.3

The Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application 2.4.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6641 Gcspublishing Cryptographic Issues vulnerability in Gcspublishing Homesteading Today 3.7.14

The Homesteading Today (aka com.tapatalk.homesteadingtodaycom) application 3.7.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6640 DNB Cryptographic Issues vulnerability in DNB Trade 1.0

The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6639 Tiomobilepay Cryptographic Issues vulnerability in Tiomobilepay TIO Mobilepay - Bill Payments 1.1.1

The TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6638 Wtmdesktop Project Cryptographic Issues vulnerability in Wtmdesktop Project Wtmdesktop 1.0

The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6637 Praninc Cryptographic Issues vulnerability in Praninc Facebook Facts 0.1

The Facebook Facts (aka com.wFacebookFacts) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6636 Rsupport Cryptographic Issues vulnerability in Rsupport LG Telepresence 2.0.12

The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 Build 63 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6023 S Peek Cryptographic Issues vulnerability in S-Peek Credit Rating Report 2.1.3

The s-peek credit rating report (aka com.rhomobile.speek) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6022 Versentbooks Cryptographic Issues vulnerability in Versentbooks Versent Books 1.1.99

The Versent Books (aka com.versentbooks) application 1.1.99 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6021 H Dvisa Cryptographic Issues vulnerability in H-Dvisa Harley-Davidson Visa 1.18

The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6020 Fuelrewards Cryptographic Issues vulnerability in Fuelrewards Fuel Rewards Network 1.0

The Fuel Rewards Network (aka com.excentus.frn) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6019 Psychology Project Cryptographic Issues vulnerability in Psychology Project Psychology 1.0.2

The psychology (aka com.alek.psychology) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6018 Global Beauty Research Project Cryptographic Issues vulnerability in Global Beauty Research Project Global Beauty Research 1.6

The global beauty research (aka com.appems.topgirl) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6017 Lazyer Cryptographic Issues vulnerability in Lazyer Doodle Drop 1.0

The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6016 Celluloidapp Cryptographic Issues vulnerability in Celluloidapp Celluloid 1.3

The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6015 Tucarro Cryptographic Issues vulnerability in Tucarro 2.0.5

The TuCarro (aka com.tucarro) application 2.0.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6014 Ingen Studios Cryptographic Issues vulnerability in Ingen-Studios Conquest of Fantasia 1.0.1

The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6013 Nuphoto Cryptographic Issues vulnerability in Nuphoto Nusquare 1.0.78

The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6012 Toddm Cryptographic Issues vulnerability in Toddm Gravity Bounce 1.1

The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6011 Formnage Cryptographic Issues vulnerability in Formnage Cutprice 1.0.4

The cutprice (aka kr.co.wedoit.cutprice) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6010 Awesomewidgets Cryptographic Issues vulnerability in Awesomewidgets Rasta Weed Widgets HD 4.0

The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application 4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6009 Zombie Detector Project Cryptographic Issues vulnerability in Zombie Detector Project Zombie Detector 1.2

The Zombie Detector (aka com.jimmybolstad.zombiedetector) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6008 Secondfiction Cryptographic Issues vulnerability in Secondfiction Blitz Bingo 2.3

The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6007 Likeheroapp Cryptographic Issues vulnerability in Likeheroapp Likehero GET Instagram Likes 1.0.7

The LikeHero Get Instagram Likes (aka com.fraoula.likehero) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6006 Gratta Vinci Project

The Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application 0.21.13167.93474 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6005 Survey COM Cryptographic Issues vulnerability in Survey.Com Mobile 3.2.16

The Survey.com Mobile (aka com.survey.android) application 3.2.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6004 Pocket CAM Photo Editor Project Cryptographic Issues vulnerability in Pocket CAM Photo Editor Project Pocket CAM Photo Editor 3.0

The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6003 Belasfrasesdeamor Cryptographic Issues vulnerability in Belasfrasesdeamor Belas Frases DE Amor 1.0

The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6002 Dteenergy Cryptographic Issues vulnerability in Dteenergy DTE Energy 3.0.3

The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6001 Gewara Cryptographic Issues vulnerability in Gewara 5.2.3

The gewara (aka com.gewara) application 5.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-6000 Freshdirect Cryptographic Issues vulnerability in Freshdirect 2.7.1

The FreshDirect (aka com.freshdirect.android) application 2.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5999 Telenavsoftware Cryptographic Issues vulnerability in Telenavsoftware Autonavi 4.6.1

The autonavi (aka com.telenav.doudouyou.android.autonavi) application 4.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5998 Skydrive Assistant Project Cryptographic Issues vulnerability in Skydrive Assistant Project Skydrive Assistant 2.1

The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5997 Autotrader CO ZA Cryptographic Issues vulnerability in Autotrader.Co.Za Auto Trader 2.0

The Auto Trader (aka za.co.autotrader.android.app) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5996 Gebrauchtwagenreport Cryptographic Issues vulnerability in Gebrauchtwagenreport Dekra Used CAR Report 3.0.0

The DEKRA Used Car Report (aka com.dekra.maengelreport) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5995 Ericpol Cryptographic Issues vulnerability in Ericpol Ewus Mobile 1.4.5

The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5994 Ding Cryptographic Issues vulnerability in Ding Ezetop. Top-Up ANY Phone 1.3.4

The ding* ezetop.

5.4
2014-09-22 CVE-2014-5993 Preplaysports Cryptographic Issues vulnerability in Preplaysports MLB Preplay 5.4.2

The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5992 Successsecrets Project Cryptographic Issues vulnerability in Successsecrets Project Successsecrets 1.2.3

The successsecrets (aka com.alek.successsecrets) application 1.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5991 Skin Conditions AND Diseases Project Cryptographic Issues vulnerability in Skin Conditions and Diseases Project Skin Conditions and Diseases 2.1

The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5984 Playcomo Cryptographic Issues vulnerability in Playcomo Little Dragons 1.0.256

The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5983 Threadflip Cryptographic Issues vulnerability in Threadflip BUY Sell Fashion 1.1.11

The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application 1.1.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5982 Runkeeper Cryptographic Issues vulnerability in Runkeeper - GPS Track RUN Walk 4.7

The RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application 4.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5971 Fiksu Cryptographic Issues vulnerability in Fiksu Library

The Fiksu library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5809 Geniuscloud Cryptographic Issues vulnerability in Geniuscloud Smart Browser 2.0

The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-22 CVE-2014-5665 Mr384 Cryptographic Issues vulnerability in Mr384 Mzone Login 1.2.0

The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

5.4
2014-09-24 CVE-2014-3380 Cisco Resource Management Errors vulnerability in Cisco Unified Communications Domain Manager Platform 4.4(.3)

Cisco Unified Communications Domain Manager Platform Software 4.4(.3) and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending crafted TCP packets quickly, aka Bug ID CSCuo42063.

5.0
2014-09-23 CVE-2014-3106 IBM Improper Authentication vulnerability in IBM Rational Clearcase

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not properly implement the Local Access Only protection mechanism, which allows remote attackers to bypass authentication and read files via the Help Server Administration feature.

5.0
2014-09-23 CVE-2014-3105 IBM Information Exposure vulnerability in IBM Rational Clearcase

The OSLC integration feature in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of requests.

5.0
2014-09-23 CVE-2014-3104 IBM Resource Management Errors vulnerability in IBM Rational Clearcase

IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5.0
2014-09-23 CVE-2014-3103 IBM Information Exposure vulnerability in IBM Rational Clearcase

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

5.0
2014-09-23 CVE-2014-3101 IBM Improper Authentication vulnerability in IBM Rational Clearcase

The login form in the Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not insert a delay after a failed authentication attempt, which makes it easier for remote attackers to obtain access via a brute-force attack.

5.0
2014-09-23 CVE-2014-3090 IBM XML Entity Expansion Denial of Service vulnerability in IBM Rational ClearCase

IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

5.0
2014-09-22 CVE-2014-5320 Bump Project Information Exposure vulnerability in Bump Project Bump

The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application.

5.0
2014-09-28 CVE-2012-6657 Linux / Novell Permissions, Privileges, and Access Controls vulnerability in Linux Kernel

The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.

4.9
2014-09-28 CVE-2014-6410 Linux Resource Management Errors vulnerability in Linux Kernel

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode.

4.7
2014-09-28 CVE-2014-3184 Linux Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel

The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c.

4.7
2014-09-28 CVE-2014-2639 HP Code Injection vulnerability in HP Mpio Device Specific Module Manager 4.01.00

Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors.

4.6
2014-09-22 CVE-2014-3635 D BUS Project / Opensuse Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure.

4.4
2014-09-26 CVE-2014-7152 Mailchimp Cross-Site Scripting vulnerability in Mailchimp Easy Mailchimp Forms Plugin

Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the update_options action to wp-admin/admin-ajax.php.

4.3
2014-09-26 CVE-2014-6445 Contactus Cross-Site Scripting vulnerability in Contactus Contact Form 7 Integrations

Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.

4.3
2014-09-26 CVE-2014-4958 Telerik Cross-Site Scripting vulnerability in Telerik Asp.Net Ajax Radeditor Control 2009.3.1208.20/2014.1.403.35

Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.

4.3
2014-09-26 CVE-2014-5315 Adobe Cross-Site Scripting vulnerability in Adobe Acrobat and Coldfusion

Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-09-22 CVE-2014-3595 Redhat Cross-Site Scripting vulnerability in Redhat Network Satellite and Spacewalk-Java

Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

4.3
2014-09-22 CVE-2012-5700 Babygekko Cross-Site Scripting vulnerability in Babygekko Baby Gekko

Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php.

4.3
2014-09-22 CVE-2014-5322 Filemaker Cross-Site Scripting vulnerability in Filemaker PRO and Filemaker PRO Advanced

Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 13 and Pro Advanced before 13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2014-09-22 CVE-2014-5316 Dotclear Cross-Site Scripting vulnerability in Dotclear

Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2014-09-27 CVE-2014-5459 PHP / Oracle / Opensuse Link Following vulnerability in multiple products

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

3.6
2014-09-23 CVE-2014-4770 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 6.x through 6.1.0.47, 7.0 before 7.0.0.35, 8.0 before 8.0.0.10, and 8.5 before 8.5.5.4 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-09-23 CVE-2014-6091 IBM Cross-Site Scripting vulnerability in IBM Curam Social Program Management

Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management (SPM) 6.0.4 before 6.0.4.5 iFix7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2014-09-22 CVE-2014-3639 Opensuse / D BUS Project Resource Management Errors vulnerability in multiple products

The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections.

2.1
2014-09-22 CVE-2014-3638 D BUS Project / Opensuse Resource Management Errors vulnerability in multiple products

The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls.

2.1
2014-09-22 CVE-2014-3637 D BUS Project / Opensuse Code vulnerability in multiple products

D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor.

2.1