# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
10901 |
CVE-2014-5959 |
310 |
|
+Info |
2014-09-19 |
2014-10-02 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10902 |
CVE-2014-5958 |
310 |
|
+Info |
2014-09-19 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10903 |
CVE-2014-5957 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10904 |
CVE-2014-5956 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10905 |
CVE-2014-5955 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10906 |
CVE-2014-5954 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10907 |
CVE-2014-5953 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The KASKUS (aka com.kaskus.android) application 2.13.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10908 |
CVE-2014-5952 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10909 |
CVE-2014-5951 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10910 |
CVE-2014-5950 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10911 |
CVE-2014-5949 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10912 |
CVE-2014-5948 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Obama for America (aka com.barackobama.ofa) application 1.02 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10913 |
CVE-2014-5947 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10914 |
CVE-2014-5946 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application 3.4.12 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10915 |
CVE-2014-5945 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10916 |
CVE-2014-5944 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10917 |
CVE-2014-5943 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10918 |
CVE-2014-5942 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10919 |
CVE-2014-5941 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Armpit Spa & Girl Games (aka com.freegames.spamakeover) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10920 |
CVE-2014-5940 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10921 |
CVE-2014-5939 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10922 |
CVE-2014-5938 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10923 |
CVE-2014-5937 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Social Networking (aka com.wSocialNetworkingSites) application 0.33.13320.99980 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10924 |
CVE-2014-5936 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The INCOgnito Private Browser (aka com.SL.InCoBrowser) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10925 |
CVE-2014-5935 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10926 |
CVE-2014-5934 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10927 |
CVE-2014-5933 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10928 |
CVE-2014-5932 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Vodafone [email protected] (aka com.mobileiron.vodafone.MIClient) application 6.0.0.1.12R for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10929 |
CVE-2014-5931 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10930 |
CVE-2014-5930 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Store and Share (aka sg.com.singnet.mystorage.android) application 2.0.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10931 |
CVE-2014-5929 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10932 |
CVE-2014-5928 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Steganos Online Shield VPN (aka com.steganos.onlineshield) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10933 |
CVE-2014-5927 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10934 |
CVE-2014-5926 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10935 |
CVE-2014-5925 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application 0.312 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10936 |
CVE-2014-5924 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Monster Makeup (aka com.bearhugmedia.android_monster) application 1.0.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10937 |
CVE-2014-5923 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10938 |
CVE-2014-5922 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The ga6748 (aka com.g.ga6748) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10939 |
CVE-2014-5921 |
310 |
|
+Info |
2014-09-18 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10940 |
CVE-2014-5920 |
310 |
|
+Info |
2014-09-18 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10941 |
CVE-2014-5919 |
310 |
|
+Info |
2014-09-18 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application 1.3.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10942 |
CVE-2014-5918 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Secret Circle - talk freely (aka com.easyxapp.secret) application 2.2.00.26 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10943 |
CVE-2014-5917 |
310 |
|
+Info |
2014-09-17 |
2014-09-23 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10944 |
CVE-2014-5916 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10945 |
CVE-2014-5915 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10946 |
CVE-2014-5914 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10947 |
CVE-2014-5913 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10948 |
CVE-2014-5912 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The InNote (aka com.intsig.notes) application 1.0.3.20131119 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10949 |
CVE-2014-5911 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
10950 |
CVE-2014-5910 |
310 |
|
+Info |
2014-09-17 |
2014-09-22 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application 1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |