| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied key, which allows remote attackers to bypass the Always Encrypted protection mechanism and obtain sensitive cleartext information by leveraging key guessability, aka ".NET Information Disclosure Vulnerability." |
| The AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) application 4.4.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application 5.0.14.22 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The ga6748 (aka com.g.ga6748) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application 2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The FastCustomer -- Fast Customer (aka www.fastcustomer.com) application 3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Steganos Online Shield VPN (aka com.steganos.onlineshield) application 1.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application 7.21.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application 1.5.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The AllDealsAsia All Deals ADA app (aka com.ada.deals) application 4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. |
| The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application 0.70.13414.17619 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| ABB PCM600 before 2.7 uses an improper hash algorithm for the main application password, which makes it easier for local users to obtain sensitive cleartext information by leveraging read access to the ACTConfig configuration file. |
| The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified cryptanalysis of an ADXCSOUF.DAT file. |
| The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters. |
