CVEs from 2014
Total
7,862
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
9.8%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3967 | medium | — | 5.5 | 12y ago | The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not properly check the return value from the IRQ setup check, which allows local HVM guest administrators to cause a denial of servic… | |||
| CVE-2014-3835 | medium | — | 5.5 | 12y ago | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vect… | |||
| CVE-2014-1685 | medium | — | 5.5 | 12y ago | The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. | |||
| CVE-2014-2986 | medium | — | 5.5 | 12y ago | The vgic_distr_mmio_write function in the virtual guest interrupt controller (GIC) distributor (arch/arm/vgic.c) in Xen 4.4.x, when running on an ARM system, allows local guest users to cause a denia… | |||
| CVE-2014-2915 | medium | — | 5.5 | 12y ago | Xen 4.4.x, when running on ARM systems, does not properly restrict access to hardware features, which allows local guest users to cause a denial of service (host or guest crash) via unspecified vecto… | |||
| CVE-2014-0642 | medium | — | 5.5 | 12y ago | EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro… | |||
| CVE-2014-0155 | medium | — | 5.5 | 12y ago | The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic return value, which allows guest OS users to cause a denial… | |||
| CVE-2014-0077 | medium | — | 5.5 | 12y ago | drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memor… | |||
| CVE-2014-0055 | medium | — | 5.5 | 12y ago | The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_v… | |||
| CVE-2014-1496 | medium | 5.5 | 5.5 | 12y ago | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during… | |||
| CVE-2014-0833 | medium | — | 5.5 | 13y ago | The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intende… | |||
| CVE-2014-0678 | medium | — | 5.5 | 13y ago | The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vect… | |||
| CVE-2014-0009 | medium | — | 5.5 | 13y ago | course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requiremen… | |||
| CVE-2014-0423 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7 allows remote authenticated users to affect confidentiality and a… | |||
| CVE-2014-0367 | medium | — | 5.5 | 13y ago | Unspecified vulnerability in the Hyperion Essbase Administration Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3 allows remote authenticated users to affect confidentiality and… | |||
| CVE-2014-3531 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) descriptio… | |||
| CVE-2014-0208 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key… | |||
| CVE-2014-8957 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 allows remote authenticated users to inject arbitrary web script or HTML via the Tasks parameter. | |||
| CVE-2014-6191 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X… | |||
| CVE-2014-3887 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors… | |||
| CVE-2014-8707 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | |||
| CVE-2014-9194 | medium | — | 5.4 | 12y ago | Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. | |||
| CVE-2014-9271 | medium | 5.4 | 5.4 | 12y ago | Cross-site scripting (XSS) vulnerability in file_download.php in MantisBT before 1.2.18 allows remote authenticated users to inject arbitrary web script or HTML via a Flash file with an image extensi… | |||
| CVE-2014-9416 | medium | — | 5.4 | 12y ago | Multiple untrusted search path vulnerabilities in Huawei eSpace Desktop before V200R003C00 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc71en… | |||
| CVE-2014-7994 | medium | — | 5.4 | 12y ago | Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote attackers to execute arbitrary commands by leveraging knowledge of a cross-device secret and a per-device secret, and … | |||
| CVE-2014-8680 | medium | — | 5.4 | 12y ago | The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP database… | |||
| CVE-2014-8594 | medium | — | 5.4 | 12y ago | The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x does not properly restrict updates to only PV page tables, which allows remote PV guests to cause a denial of service (NULL pointe… | |||
| CVE-2014-4452 | medium | — | 5.4 | 12y ago | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | |||
| CVE-2014-8538 | medium | — | 5.4 | 12y ago | The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7804 | medium | — | 5.4 | 12y ago | The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an… | |||
| CVE-2014-7803 | medium | — | 5.4 | 12y ago | The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2014-7802 | medium | — | 5.4 | 12y ago | The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-… | |||
| CVE-2014-7800 | medium | — | 5.4 | 12y ago | The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a… | |||
| CVE-2014-7799 | medium | — | 5.4 | 12y ago | The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2014-7798 | medium | — | 5.4 | 12y ago | The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo… | |||
| CVE-2014-7797 | medium | — | 5.4 | 12y ago | The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive … | |||
| CVE-2014-7796 | medium | — | 5.4 | 12y ago | The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and … | |||
| CVE-2014-7795 | medium | — | 5.4 | 12y ago | The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob… | |||
| CVE-2014-7794 | medium | — | 5.4 | 12y ago | The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t… | |||
| CVE-2014-7793 | medium | — | 5.4 | 12y ago | The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o… | |||
| CVE-2014-7791 | medium | — | 5.4 | 12y ago | The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7789 | medium | — | 5.4 | 12y ago | The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7788 | medium | — | 5.4 | 12y ago | The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7787 | medium | — | 5.4 | 12y ago | The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens… | |||
| CVE-2014-7786 | medium | — | 5.4 | 12y ago | The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2014-7785 | medium | — | 5.4 | 12y ago | The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to s… | |||
| CVE-2014-7784 | medium | — | 5.4 | 12y ago | The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7783 | medium | — | 5.4 | 12y ago | The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2014-7782 | medium | — | 5.4 | 12y ago | The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers… | |||
| CVE-2014-7781 | medium | — | 5.4 | 12y ago | The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac… | |||
| CVE-2014-7780 | medium | — | 5.4 | 12y ago | The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-… | |||
| CVE-2014-7779 | medium | — | 5.4 | 12y ago | The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2014-7778 | medium | — | 5.4 | 12y ago | The Epc World (aka com.magzter.epcworld) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv… | |||
| CVE-2014-7777 | medium | — | 5.4 | 12y ago | The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve… | |||
| CVE-2014-7776 | medium | — | 5.4 | 12y ago | The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2014-7775 | medium | — | 5.4 | 12y ago | The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt… | |||
| CVE-2014-7774 | medium | — | 5.4 | 12y ago | The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof se… | |||
| CVE-2014-7773 | medium | — | 5.4 | 12y ago | The Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke… | |||
| CVE-2014-7772 | medium | — | 5.4 | 12y ago | The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7771 | medium | — | 5.4 | 12y ago | The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7770 | medium | — | 5.4 | 12y ago | The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo… | |||
| CVE-2014-7769 | medium | — | 5.4 | 12y ago | The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacker… | |||
| CVE-2014-7768 | medium | — | 5.4 | 12y ago | The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7767 | medium | — | 5.4 | 12y ago | The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via… | |||
| CVE-2014-7766 | medium | — | 5.4 | 12y ago | The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates fro… | |||
| CVE-2014-7765 | medium | — | 5.4 | 12y ago | The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof se… | |||
| CVE-2014-7764 | medium | — | 5.4 | 12y ago | The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers … | |||
| CVE-2014-7763 | medium | — | 5.4 | 12y ago | The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and … | |||
| CVE-2014-7762 | medium | — | 5.4 | 12y ago | The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit… | |||
| CVE-2014-7761 | medium | — | 5.4 | 12y ago | The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2014-7760 | medium | — | 5.4 | 12y ago | The Health assistance service (aka net.nttcloud.ft.karada) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers… | |||
| CVE-2014-7759 | medium | — | 5.4 | 12y ago | The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a… | |||
| CVE-2014-7758 | medium | — | 5.4 | 12y ago | The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof ser… | |||
| CVE-2014-7757 | medium | — | 5.4 | 12y ago | The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers … | |||
| CVE-2014-7756 | medium | — | 5.4 | 12y ago | The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv… | |||
| CVE-2014-7755 | medium | — | 5.4 | 12y ago | The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers… | |||
| CVE-2014-7754 | medium | — | 5.4 | 12y ago | The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o… | |||
| CVE-2014-7753 | medium | — | 5.4 | 12y ago | The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati… | |||
| CVE-2014-7752 | medium | — | 5.4 | 12y ago | The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers … | |||
| CVE-2014-7751 | medium | — | 5.4 | 12y ago | The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7750 | medium | — | 5.4 | 12y ago | The Taster Magazine (aka com.magazinecloner.taster) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an… | |||
| CVE-2014-7749 | medium | — | 5.4 | 12y ago | The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob… | |||
| CVE-2014-7748 | medium | — | 5.4 | 12y ago | The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an… | |||
| CVE-2014-7746 | medium | — | 5.4 | 12y ago | The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t… | |||
| CVE-2014-7745 | medium | — | 5.4 | 12y ago | The Flight Manager (aka com.flightmanager.view) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2014-7744 | medium | — | 5.4 | 12y ago | The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai… | |||
| CVE-2014-7743 | medium | — | 5.4 | 12y ago | The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof server… | |||
| CVE-2014-7742 | medium | — | 5.4 | 12y ago | The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and… | |||
| CVE-2014-7741 | medium | — | 5.4 | 12y ago | The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2014-7740 | medium | — | 5.4 | 12y ago | The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof server… | |||
| CVE-2014-7739 | medium | — | 5.4 | 12y ago | The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2014-7737 | medium | — | 5.4 | 12y ago | The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se… | |||
| CVE-2014-7735 | medium | — | 5.4 | 12y ago | The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers … | |||
| CVE-2014-7734 | medium | — | 5.4 | 12y ago | The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo… | |||
| CVE-2014-7733 | medium | — | 5.4 | 12y ago | The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2014-7731 | medium | — | 5.4 | 12y ago | The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2014-7728 | medium | — | 5.4 | 12y ago | The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to… | |||
| CVE-2014-7727 | medium | — | 5.4 | 12y ago | The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensi… | |||
| CVE-2014-7726 | medium | — | 5.4 | 12y ago | The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2014-7725 | medium | — | 5.4 | 12y ago | The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers… |