| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Brisbane & Queensland Alert (aka com.queensland.alert) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit. |
| The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. |
| The Brain lab - brain age games IQ (aka com.sixdead.brainlab) application 2.37 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Skout: Chats. Friends. Fun. (aka com.skout.android) application 4.3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application 1.0.34 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The SomNote - Journal/Memo (aka com.somcloud.somnote) application 2.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Bunny Run (aka com.stargirlgames.google.bunnyrun) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Best Racing/moto Games Ranking (aka com.subapp.android.racing) application 2.2.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Donut Maker (aka com.sunstorm.android.donut) application 1.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Microsoft Tech Companion (aka com.technet) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application 1.07 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Text Me! Free Texting & Call (aka com.textmeinc.textme) application 2.5.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
