CVE Daily
← All tags

Tag: Android OS

All CVEs associated with "Android OS". Page 61/76 • 9114 CVEs.

Subscribe CVEs: RSS for “Android OS”  ·  RSS (High+Critical only)

About “Android OS”

A curated feed of “Android OS”-related CVEs appears below. We currently track 9114 CVEs for this tag (all time). In the last 365 days, 361 were published. Average CVSS is 6.8 (all time; 6.1 over 365d), and 49% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-926 - Improper Export of Android Application Components, CWE-451 - User Interface (UI) Misrepresentation of Critical Information, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2015-02-16
Critical

CVE-2015-1474

Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial…

CVSS: 10.0 CWE: CWE-189 View on NVD
2015-02-15
Medium

CVE-2015-1574

The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message.

CVSS: 5.0 CWE: CWE-19 View on NVD
Low

CVE-2015-0875

The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a f…

CVSS: 1.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2015-02-10
Medium

CVE-2015-1570

The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to…

CVSS: 4.3 CWE: CWE-310 View on NVD
2015-02-06
High

CVE-2015-1212

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly hav…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2015-1211

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.1…

CVSS: 7.5 CWE: N/A View on NVD
Medium

CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and b…

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2015-1209

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 4…

CVSS: 7.5 CWE: CWE-416 - Use After Free View on NVD
2015-02-02
Medium

CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive da…

CVSS: 5.0 CWE: CWE-310 View on NVD
2015-01-27
Medium

CVE-2014-9648

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application afte…

CVSS: 4.3 CWE: CWE-284 - Improper Access Control View on NVD
2015-01-15
Medium

CVE-2014-8869

Multiple cross-site scripting (XSS) vulnerabilities in mobiquo/smartbanner/welcome.php in the Tapatalk (com.tapatalk.wbb4) plugin 1.x before 1.1.2 for Woltlab Burning Board 4.0 allow remote attackers…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2015-01-14
Medium

CVE-2014-3314

Cisco AnyConnect on Android and OS X does not properly verify the host type, which allows remote attackers to spoof authentication forms and possibly capture credentials via unspecified vectors, aka…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2015-01-13
Critical

CVE-2015-0309

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-0308

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windo…

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2015-0307

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27…

CVSS: 8.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-0306

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27…

CVSS: 10.0 CWE: N/A View on NVD
Critical

CVE-2015-0305

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2015-0304

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows…

CVSS: 10.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Critical

CVE-2015-0303

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27…

CVSS: 10.0 CWE: N/A View on NVD
Medium

CVE-2015-0302

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27…

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2015-0301

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27…

CVSS: 10.0 CWE: CWE-20 - Improper Input Validation View on NVD
2014-12-25
Medium

CVE-2014-1449

The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API.

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
2014-12-24
High

CVE-2014-4322

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain…

CVSS: 7.2 CWE: CWE-787 - Out-of-bounds Write View on NVD
2014-12-19
Medium

CVE-2014-7241

The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
2014-12-15
Low

CVE-2014-8610

AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitr…

CVSS: 3.3 CWE: CWE-264 View on NVD
High

CVE-2014-8609

The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2014-8507

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow rem…

CVSS: 7.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2014-7911

luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the re…

CVSS: 7.2 CWE: CWE-264 View on NVD
2014-12-12
High

CVE-2014-4323

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and ot…

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
2014-12-05
Medium

CVE-2014-7259

SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for Android stores "product credentials" on the SD card, which allows attackers to gain privileges via a crafted application.

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2014-7253

FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA Phone T-01D for Android allows local users to execute arbitrary commands via unspecified vectors.

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2014-11-19
Medium

CVE-2014-7905

Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended acces…

CVSS: 5.0 CWE: CWE-284 - Improper Access Control View on NVD
2014-11-15
Medium

CVE-2014-3502

Apache Cordova Android before 3.5.1 allows remote attackers to open and send data to arbitrary applications via a URL with a crafted URI scheme for an Android intent.

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2014-3501

Apache Cordova Android before 3.5.1 allows remote attackers to bypass the HTTP whitelist and connect to arbitrary servers by using JavaScript to open WebSocket connections through WebView.

CVSS: 4.3 CWE: CWE-254 View on NVD
Medium

CVE-2014-3500

Apache Cordova Android before 3.5.1 allows remote attackers to change the start page via a crafted intent URL.

CVSS: 6.4 CWE: CWE-17 View on NVD
2014-11-07
Medium

CVE-2014-8672

Cross-site scripting (XSS) vulnerability in the RewardingYourself application for Android and BlackBerry OS allows remote attackers to inject arbitrary web script or HTML via a crafted QR code.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2014-8671

Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap Showcase application for Android allows remote attackers to inject arbitrary web script or HTML via a crafted Bluetooth Device Name…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2014-11-04
Medium

CVE-2014-6130

The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information b…

CVSS: 5.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2014-10-29
Medium

CVE-2014-8538

The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
2014-10-21
Medium

CVE-2014-7804

The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7803

The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7802

The Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application @7F050001 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7800

The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 dlygrn for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7799

The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7798

The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application 2.0.41709 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7797

The Thai food (aka com.foods.thaifood) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7796

The House365 Radio (aka com.nobexinc.wls_27853803.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7795

The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7794

The Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application 2.1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7793

The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7791

The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7789

The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7788

The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7787

The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7786

The English Football Magazine (aka com.magzter.englishfootball) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7785

The AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to s…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7784

The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7783

The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7782

The Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7781

The Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7780

The Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application 1.21.38.6504 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7779

The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7778

The Epc World (aka com.magzter.epcworld) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7777

The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application 3.9.14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serve…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7776

The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7775

The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7774

The Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof se…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7773

The Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application 2.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7772

The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7771

The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7770

The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7769

The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application 1.0021.b0021 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacker…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7768

The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7767

The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7766

The 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application 1.0 for Android does not verify X.509 certificates fro…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7765

The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application 1.6.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof se…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7764

The Semper Invicta Fitness (aka com.semper.invicta.fitness) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7763

The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7762

The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensit…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7761

The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7760

The Health assistance service (aka net.nttcloud.ft.karada) application 2.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7759

The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7758

The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof ser…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7757

The Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application 1.0.23 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7756

The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application 4.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7755

The eTopUpOnline (aka com.moremagic.etopup.client.android) application 3.4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7754

The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and o…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7753

The Circa News (aka cir.ca) application 2.1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7752

The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application 3.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7751

The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7750

The Taster Magazine (aka com.magazinecloner.taster) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7749

The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7748

The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7746

The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application @7F0801AA for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers t…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7745

The Flight Manager (aka com.flightmanager.view) application 4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7744

The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7743

The Humor Ironias y Realidades (aka com.wHumork) application 0.63.13371.13576 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof server…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7742

The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7741

The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7740

The Pony Magazine (aka com.triactivemedia.ponymagazine) application @7F080193 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof server…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7739

The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7737

The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7735

The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7734

The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7733

The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7731

The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7728

The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application 1.0010.b0010 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7727

The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensi…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7726

The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7725

The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application 0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7724

The Chemssou Blink (aka com.chemssou.blink) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensi…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7723

The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7722

The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7721

The President Clicker (aka com.flexymind.pclicker) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7720

The Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application @7F0801B2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7719

The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7718

The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtai…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7717

The Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application 3.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attac…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7716

The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoo…

CVSS: 5.4 CWE: CWE-310 View on NVD
Medium

CVE-2014-7715

The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…

CVSS: 5.4 CWE: CWE-310 View on NVD