Mission and Overview
NVD is the U.S. government repository of standards based vulnerability management data. This data enables automation of vulnerability management, security measurement, and compliance (e.g. FISMA).
Resource Status
NVD contains:

Last updated: 10/2/2014 8:28:00 AM

CVE Publication rate: 40

Email List

NVD provides four mailing lists to the public. For information and subscription instructions please visit NVD Mailing Lists

Workload Index
Vulnerability Workload Index: 11.52
About Us
NVD is a product of the NIST Computer Security Division and is sponsored by the Department of Homeland Security's National Cyber Security Division. It supports the U.S. government multi-agency (OSD, DHS, NSA, DISA, and NIST) Information Security Automation Program. It is the U.S. government content repository for the Security Content Automation Protocol (SCAP).
CVE-2014-6893

Summary: The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application 1.56 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6892

Summary: The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6890

Summary: The CouponCabin - Coupons & Deals (aka com.couponcabin) application 3.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6889

Summary: The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6888

Summary: The PennyTalk Mobile (aka net.idt.pennytalk.android) application 2.0.3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6886

Summary: The WePhone - phone calls vs skype (aka com.wephoneapp) application 1.03.00 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6885

Summary: The Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application 1.18 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6884

Summary: The Ford Credit Account Manager (aka com.fordcredit.accountmanager) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6883

Summary: The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6882

Summary: The Western Federal Credit Union (aka com.kerrata.pulse.western) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:07 AM

CVE-2014-6881

Summary: The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application 2.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6880

Summary: The TradeHero (aka com.tradehero.th) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6879

Summary: The Equifax Mobile (aka com.equifax) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6878

Summary: The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6877

Summary: The Santander Personal Banking (aka com.sovereign.santander) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6876

Summary: The American Express Serve (aka com.serve.mobile) application @7F0901E4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6875

Summary: The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6874

Summary: The ModSim Connected (aka com.concursive.modsim) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6873

Summary: The AMGC (aka com.amec.uae) application 6.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM

CVE-2014-6872

Summary: The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 10/2/2014 6:55:06 AM