# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
40851 |
CVE-2014-5566 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Selfshot - Front Flash Camera (aka com.americos.selfshot) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40852 |
CVE-2014-5565 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The GadgetTrak Mobile Security (aka com.activetrak.android.app) application 1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40853 |
CVE-2014-5564 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40854 |
CVE-2014-5563 |
310 |
|
+Info |
2014-09-08 |
2014-11-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40855 |
CVE-2014-5562 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40856 |
CVE-2014-5561 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Word Search Free (aka air.wordSearchFree) application 4.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40857 |
CVE-2014-5560 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40858 |
CVE-2014-5559 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40859 |
CVE-2014-5558 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40860 |
CVE-2014-5557 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40861 |
CVE-2014-5556 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application 3.21.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40862 |
CVE-2014-5555 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application 1.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40863 |
CVE-2014-5554 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application 1.6.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40864 |
CVE-2014-5553 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application 1.3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40865 |
CVE-2014-5552 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application 1.4.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40866 |
CVE-2014-5551 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application 1.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40867 |
CVE-2014-5550 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application 1.6.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40868 |
CVE-2014-5549 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40869 |
CVE-2014-5548 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Christmas Words (aka air.com.sevenBulls.summerWords) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40870 |
CVE-2014-5547 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application 2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40871 |
CVE-2014-5546 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40872 |
CVE-2014-5545 |
310 |
|
+Info |
2014-09-08 |
2014-11-06 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40873 |
CVE-2014-5544 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40874 |
CVE-2014-5543 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application 1.0.17 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40875 |
CVE-2014-5542 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application 1.0.65 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40876 |
CVE-2014-5541 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application 1.0.31 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40877 |
CVE-2014-5540 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40878 |
CVE-2014-5539 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40879 |
CVE-2014-5538 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40880 |
CVE-2014-5537 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application 1.0.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40881 |
CVE-2014-5536 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application 1.31.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40882 |
CVE-2014-5535 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40883 |
CVE-2014-5534 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Princess Shopping (aka air.android.PrincessShopping) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40884 |
CVE-2014-5532 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Honolulu (aka adidas.jp.android.running.honolulu) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40885 |
CVE-2014-5531 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Abode (aka abode.webview) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40886 |
CVE-2014-5530 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Zopim library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40887 |
CVE-2014-5529 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Gameloft library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40888 |
CVE-2014-5528 |
310 |
|
+Info |
2014-09-08 |
2014-09-26 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Appsflyer library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40889 |
CVE-2014-5527 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Tapjoy library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40890 |
CVE-2014-5526 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Inmobi library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40891 |
CVE-2014-5525 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The MoMinis library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40892 |
CVE-2014-5524 |
310 |
|
+Info |
2014-09-08 |
2014-09-09 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
The Adcolony library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
40893 |
CVE-2014-5521 |
89 |
1
|
Exec Code Sql |
2014-09-02 |
2014-09-03 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. |
40894 |
CVE-2014-5509 |
59 |
|
|
2018-01-08 |
2018-02-02 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$. |
40895 |
CVE-2014-5508 |
189 |
|
DoS Overflow |
2014-09-05 |
2014-09-08 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
Multiple integer overflows in the HelpServ module (mod-helpserv.c) in srvx 1.3.1 allow remote authenticated IRCops or HelpServ bot managers to cause a denial of service (infinite loop) via a large value in the EmptyInterval parameter or certain other interval configurations. |
40896 |
CVE-2014-5506 |
|
|
Exec Code |
2014-09-04 |
2017-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Double free vulnerability in SAP Crystal Reports allows remote attackers to execute arbitrary code via crafted connection string record in an RPT file. |
40897 |
CVE-2014-5505 |
119 |
|
Exec Code Overflow |
2014-09-04 |
2017-09-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file. |
40898 |
CVE-2014-5472 |
20 |
|
DoS |
2014-08-31 |
2017-09-07 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. |
40899 |
CVE-2014-5471 |
399 |
|
DoS |
2014-08-31 |
2017-09-07 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. |
40900 |
CVE-2014-5466 |
79 |
|
XSS |
2014-12-16 |
2014-12-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Web in Splunk Enterprise 6.1.x before 6.1.4, 6.0.x before 6.0.7, and 5.0.x before 5.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |