CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-43201
https://notcve.org/view.php?id=CVE-2024-43201
23 Sep 2024 — The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. • https://apps.apple.com/us/app/planet-fitness-workouts/id399857015 • CWE-295: Improper Certificate Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32303 – Planet's secret file is created with excessive permissions
https://notcve.org/view.php?id=CVE-2023-32303
12 May 2023 — Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand. • https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7463
https://notcve.org/view.php?id=CVE-2014-7463
19 Oct 2014 — The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android IM5 Fans Planet (también conocido como uk.co.pixelkicks.im5) 2.3.1 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información sensible a través de un ... • http://www.kb.cert.org/vuls/id/284969 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7035
https://notcve.org/view.php?id=CVE-2014-7035
16 Oct 2014 — The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación para Android Harmonizers Planet (también conocida como uk.co.pixelkicks.fifthharmony) 2.3.4 no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle suplantar servidores y obtener información ... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6694
https://notcve.org/view.php?id=CVE-2014-6694
24 Sep 2014 — The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación 5SOS Family Planet 2.3.4 (también conocida como uk.co.pixelkicks.fivesos) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible ... • http://www.kb.cert.org/vuls/id/582497 • CWE-310: Cryptographic Issues •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0213
https://notcve.org/view.php?id=CVE-2001-0213
09 Mar 2001 — Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. • http://archives.neohapsis.com/archives/bugtraq/2001-01/0421.html •