
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Planet Fitness Workouts iOS and Android mobile apps prior to version 9.8.12 (released on 2024-07-25) fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. • https://apps.apple.com/us/app/planet-fitness-workouts/id399857015 • https://dontvacuum.me/bugs/pf • CWE-295: Improper Certificate Validation

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should be accessible only by the user, but before version 2.0.1 its permissions also allowed the user's group and other (non-group) users to read the file. This issue was patched in version 2.0.1. As a workaround, manually set the secret file's permissions to user read/write only. • https://github.com/planetlabs/planet-client-python/commit/d71415a83119c5e89d7b80d5f940d162376ee3b7 • https://github.com/planetlabs/planet-client-python/releases/tag/2.0.1 • https://github.com/planetlabs/planet-client-python/security/advisories/GHSA-j5fj-rfh6-qj85 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/284969 • http://www.kb.cert.org/vuls/id/582497 • https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 • http://www.kb.cert.org/vuls/id/862425 • https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application 2.3.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.kb.cert.org/vuls/id/582497 • http://www.kb.cert.org/vuls/id/708073 • https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues